Archive for the ‘IT Support’ Category

Creating a BYOD Policy for your SMB

Thursday, March 7th, 2013

Bring your own device (BYOD ) is the practice of allowing employees to use their personal mobile devices in the workplace. According to ZDNet, at least 44% of organizations allow BYOD now and another 18% plan to be on board by the end of this year.

BYOD has plenty of pros:

  • Cost effectivenessobvious cost savings for businesses due to the fact that employees are purchasing & maintaining their own devices. A less evident benefit is that staff members are likely to be more careful with their personal devices thus saving maintenance and replacement costs.
  • Increased productivity–allowing employees to work on their own devices from anywhere could translate to a more efficient work force.

So, of course, there must be some cons.

  • Data Security – risks due to rogue cloud users, unregulated apps third-party apps, disgruntled former employees and similar issues are all potential threats to an organization’s sensitive data
  • Physical Security – small mobile devices such as tablets and smart phones can easily be lost or stolen thus potentially giving the ‘finder’ access to your corporate network and sensitive company data
  • Compatibility Issues – Android, iOS, Blackberry, Microsoft Windows mobile to name a few current platforms. With all the possibilities out there (not to mention what could be coming down the pike), devices brought by workers are likely to face compatibility issues.
  • Legality Issues – organizations that are subject to compliancy rules such as HIPAA must observe these restrictions at all times.

What is needed for any company considering sticking their big toe into the BYOD waters is a well-defined, clearly written and easily enforceable BYOD policy. Most large corporations have likely addressed this issue but it imperative that all organizations despite their size consider implementing a policy.

So you need a clear, concise policy that all employees will sign on to. What should this policy address?

  •  List allowable and restricted devices and platforms. Prohibiting access to devices that do not meet some standard of security requirements is imperative. If possible, IT should inspect individual devices and to ensure they haven’t been jailbroken or rooted, thus compromising security.
  • List mandatory and prohibited applications. Include a list of safe applications that would be beneficial to an employee’s production and the organization’s security. Defining those applications that could carry a security risk is also wise.
  • Clearly define which employees (or groups of employees) will be allowed to use their own devices. For example, those employees who spend a vast majority of their work hours outside the office or facility will be granted permission, while those traditional in-house workers are restricted.
  • List mandatory security measures. Requiring multi-layer password protection and use of data encryption will help. Some organizations require the use of an app like Divide which separates work and personal desktops on mobile devices. This can add an additional layer of security.
  • Financial considerations should be defined. For example, who pays for repairs should a device become damaged while in use for business purposes? Who pays for voice and data charges?
  • Clearly state the consequences of violating the organization’s BYOD policy.  

Consider hiring an IT consultant with knowledge and experience in mobile technologies to assist your understanding  the pitfalls of BYOD and how to avoid them.

 

Enhanced by Zemanta

Malware and scareware and ransomware, oh my!

Tuesday, February 5th, 2013

Malware (or MALicious softWARE) comes in many forms but all forms have three basic goals: disrupt operation of your computer/network/ device, gather private information or gain control of your system. Common forms include viruses, Trojan horses, worms, rootkits and spyware. Each form works slightly differently but all methods are designed to make your life miserable.

Has this happened to you – you are at your desk, surfing the Internet and a box pops up out of nowhere  telling you your computer is at risk, or an infected file has been detected. These pop-ups look like legitimate Windows system warnings and if you just download whatever solution they are purporting, all will be well.

This is another subset of malware is called ‘scareware’.  These malicious programs entice you to download them through scare tactics. The intention of scareware is to access your credit card information, gather sensitive information (account info, logins, etc.) by monitoring your activity, or take over your computer all-together creating a spam-sending ‘zombie’.

Should you come across a suspicious pop-up, exit your browser immediately. Better yet, reboot your computer by clicking Ctrl-Alt-Delete.

In recent years, there has been a proliferation of another category of ‘scareware’ called ‘ransomware’. This despicable menace is essentially online extortion.

It works much the same as scareware with one exception – a payment is demanded from the user in order to restore the device to working order. Your computer will be rendered inoperable by locking or encrypting files or disabling input devices.  Some programs have been known take control by using your webcam to take a photo of you and display on the screen.

The intimidation may include fictitious threats from local law enforcement demanding you to pay a fine or face possible legal issues. One scam reported last summer, a malware program known as Citadel accused users of viewing child pornography and other illegal content. The victims were then instructed to pay a fee allegedly to the US Dept. of Justice!

Other times the ransomware threats can mimic a message from a valid software vendor, like Microsoft.

In a report released by Symantec last November, it is conservatively estimated that 2.9% of infected users acquiesce and pay the ransom. Considering there are hundreds of thousands of infected devices, this can translate in quite a handsome payoff for the criminal (or increasingly, gangs of cyber-criminals). Moreover, even if the funds are paid, there is no guarantee your device will be restored to its previous state.

So, how does your device get infected? A common method is termed a ‘drive-by download’.  Drive-by downloads occur when the user visits a malicious or compromised Website or opens an infected HTML-based email message.  The malware will then be automatically installed on the system. Many times, you only need OPEN an infected email!

Ways to protect yourself from malware in all forms include:

  1. Enable the pop-up blocker in your browser
  2. Install a reliable anti-virus, anti-malware program and update often
  3. Never open a suspicious email or email attachment
  4. Never download or install a program who’s origin is unknown
  5. Always backup your essential data and sensitive documents
  6. Be aware and observant

In the event you find your computer, network or device compromised, call your IT professional immediately.

Enhanced by Zemanta

Preventing Your Cloud from Going Rogue!

Tuesday, January 29th, 2013

Perhaps you have come across the term ‘Rogue Cloud’. Technically speaking, it is not the cloud itself that is operating outside the norm but the users.

A rogue cloud user is an individual (or group) within a larger organization who utilizes public cloud services for work-related purposes without knowledge, permission or management of the organization’s IT department.

Recently, there has been an explosion of the popularity of public cloud services such as Google Drive, Microsoft Sky Drive and DropBox. In an effort to be more productive, employees may utilize these public clouds to store sensitive data and confidential documents. An estimate released in 2012, claims the number of Dropbox users at 50 million and given the service is low or no cost, it is most likely that number is climbing.

.

In a recent survey of over 3000 organizations worldwide commissioned by Symantec, more than 75% of those businesses who responded admitted that rogue cloud deployment was an issue. Among those, 40% reported the disclosure of sensitive information with 25% experiencing a loss of goods or services, hacking or similar issues.

So what’s wrong with an employee being more productive, you say? Plenty.

  •  Security Issues

How secure is your company’s information on a public cloud? Who knows?

Last summer, Dropbox acknowledged a security breach. From the Dropbox blog:

Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We’ve contacted these users and have helped them protect their accounts.

A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again.

Also last summer, hackers breached Wired writer Mat Honan’s iCloud and Amazon public cloud account and as he put it on his blog – destroyed his entire digital life.

As you can see, there are potential security issues that arise from storing data on a public cloud rather than keeping it within a business’s secure internal network or private cloud

  •  Backup Issues

Obviously, documents and data stored on public clouds are not contained within in an organization’s normal backup procedures, exposing the potential for loss of critical data. Mission critical data can be lost or misplaced. Or what happens if the data is in the public cloud account of an employee who is abruptly dismissed from his/her position?

So how do you avoid these pitfalls?

  •  Create and enforce an Internet security policy

A well-written Internet security policy should cover:

  • Define restrictions of employee use & suitable behavior (acceptable vs unacceptable sites, sharing copyright materials, etc.)
  • Outline procedures that should be followed to protect and manage your systems and data
  • Assign responsibilities so everyone knows their respective tasks
  • State the consequences if the policy is disregarded

Once written, it is important for management to review the policy with employees explaining the reason for its implementation, methods of enforcement and penalties for breaching the agreement.

Your company’s Internet security policy should be revised periodically to be sure it is keeping up with the latest technologies and new categories of pitfalls and threats.

  •  Implement a private cloud solution

A private cloud allows you and your employees  to access your company’s applications and documents from anywhere safely and securely thus eliminating the need for public cloud utilizations. The ability to share and edit documents in real time between multiple users is an added bonus.

Benefits to a well-designed customized private cloud solution include:

  • Security
  • Scalability
  • Reduced maintenance cost
  • Redundancy
  • Reduced equipment cost

A private cloud is the clear choice for organizations looking to reap the benefits of cloud computing without compromising critical security policies or overall system flexibility.

 

Enhanced by Zemanta

Welcome, Tina!

Wednesday, January 9th, 2013

Micro Support Group is pleased to welcome newest IT professional to our team.   Read below to find out more about Tina.

  •  What drew you to the IT field?  What is your IT background?

I have always loved finding out how things work and how to fix them. However my first introduction to a computer didn’t go so well. The very first thing I did was accidentally format one – that was back in 1988 – couldn’t even remember what operating system it was running.

After that I decided I should go to college and learn about how to properly work with one.

I have been in the banking field since I was in high school and just found I was always attracted to those keyboards and screens full of information. I got my associate degree from Bunker Hill Community College and was given more work on computers in the bank.

I began my career at a bank in Amesbury printing reports before they had a network.  As they built their first network, I assumed the position of Network Administrator. My primary functions were to make sure that security was up to date, backups were done, complete and tested, users were assisted and desktops were maintained and setup.

  •  Would you mind telling us a little bit about your family?

I’ve been married to my husband since 2007. We are the proud parents (or as she might say “parrots”) of our 5 (going on 6) year old daughter.  My husband took over his father’s business of producing antique wood car parts in 2008 just before his father passed on. Our daughter is a member of our local Daisy Troop. She is fascinated by and loves dinosaurs as evident by her vast collection of dinosaurs and books.

  •  What do you enjoy doing in your free time?

Right now I’m knitting a scarf for the first time for our daughter.  I also quilt and cross stitch as well.  I love taking our daughter to different events and activities.

This past fall I started teaching Sunday school to kindergarteners at our church. Last August, I participated in the Bible Camp run by the church I previously worked at as Administrative Assistant and Treasurer.

Oh, and did I mention my daughter and I love to go to Disney. We have made sure that she gets there once a year since she was 15 months old. (PS – I’ve been using the same stroller each time and can offer a wide background on things to do with little ones and ways to save money and time!)

Six New Years Resolutions to Consider

Thursday, December 27th, 2012

No, we are not going to discuss those last 10 pounds or your need to get off the couch. We are talking about resolutions concerning your TECHNOLOGY side.

1.       Change passwords regularly

By regularly,  at least once a month.

A good password is at minimum eight characters long and contains letters (both upper and lower case), numbers and non-alphanumeric characters, such as “&” and “%”.  Avoid using easy to guess codes like ‘12345’, ‘password’ , ‘abc123’ or the name of a family member or pet.

Consider using a phrase with the words separated by a character. For example: Coffee^is^my^favorite^drink   or  I@love@my@cat@Ziggy .

And certainly, create a password or phrase that you can easily remember!

2.       Create a backup and disaster recovery plan

Data is the heart of any enterprise from a small business to a Fortune 500 company. A disaster whether natural,  accidental or man-made can wreak havoc on your business.  Regularly backing up your critical data is not a luxury – it’s a necessity.

Backing up to tape is expensive, difficult to manage, and hardware intensive. Consider moving to cloud backup system which solves all of these problems. The data is stored encrypted so it is always secure. Since there is no hardware onsite, you avoid backup catastrophes due to bad tapes, excessive data, or failed hardware. Cloud backup is quick, cost effective, reliable and secure.

A disaster recovery plan is a documented set of actions a business uses to recover from a disaster. It can also aid in protecting the IT infrastructure. Once in place, these plans should be reviewed periodically and updated when necessary.

The plan must address: why (objective and purpose);  who (who will be be responsible in case any disruptions happen)  and  what ( what are the procedures to be followed when the disaster strikes).

 3.       Update (or upgrade) your software

A software update  (or patch) is applied over software that you already have installed. They provide minor bug fixes and enhancements and are usually provided free of additional charges.

A software upgrade is an up-to-date version of your current software. These upgrades usually involve a purchase but can many times be obtained at a reduced price for current users.

Keeping your software current allows you to take advantage of the latest in hardware support, updated features and security enhancements.

4.       Refresh (or redesign) your website

Few things can turn off potential clients more than an out-of-date website. I can tell you how many times I have seen websites that looked like they have been abandoned. Makes me wonder whether the company is just lazy or out of business. Other than losing possible customers, there are boatloads of reasons to refresh your web content. To name a few:

  • Improve search optimizations – many major search engines scan or crawl sites for new content. The gathered info is used to adjust the search rankings.
  • Updated design & functionality can increase your website’s allure. Be sure that your site does not contain any broken links or non-functioning or outmoded menu items.
  • Current material appeals to readers looking for new information. Feed into this need to obtain & maintain a following.

Updating web content is one of the most important things you can do to ensure the long-term success of your site. Look for inspiring ways that to refresh your website on a regular basis such as blogs, articles and forums.

5.       Replace obsolete equipment

It goes without saying older hardware is far more likely to fail than new equipment. Some estimates say that can add up to 50 hours of downtime per year per PC.

And if you subscribe to Murphy’s law, that failure is most likely to occur at the most inopportune time.

Be pro-active by devising a plan to bring all your devices up to date. By upgrading and/or replacing outdated devices, you will also enjoy improved energy efficiency and increased performance.

6.       Go mobile – Take advantage of the Cloud

Go “above and beyond” this year and put information that you consistently need access to or want to ensure you don’t lose into the cloud.  Many worry that the cloud is not a safe place for your data but with increased security and protections provided by most technology companies the cloud is likely a safer place than your home PC which can easily be infected with viruses or be devastated by serious hardware problems.

If you are like most people, mobile devices are no longer a luxury but a necessity. Some 75 percent of mobile users say mobile devices are now “critical” to their jobs, and 67 percent say their businesses would be less competitive without the use of mobile devices.”  The cloud is a critical part of all these mobile devices and can help you to stay organized and protected.

——————————

Well, we hope these suggestions help you in the upcoming year.  If these resolutions spur any questions or make you want to take action give us a call.  We are happy to help you have a technologically excellent and safe 2013!

 

Happy New Year!

-The Micro Support Group Team

_______________________________________________________________

For more info:

http://www.pcmag.com/article2/0,2817,2368484,00.asp

http://www.forbes.com/sites/kevinjackson/2011/09/17/the-economic-benefit-of-cloud-computing/

http://www.sans.org/reading_room/whitepapers/recovery/disaster-recovery-plan_1164

http://www.markethealth.com/articles/view/five_reasons_why_you_need_to_constantly_refresh_your_web_content.php

 

Enhanced by Zemanta

Welcome to Our New Website!

Friday, June 11th, 2010

Hi and welcome to Micro Support Group, Inc’s new website!  We have spent the last few months working with website designer Mike Sperling to develop a more modern and functional website for you, our customers.

Please take a minute to take a look around and let us know if you think there is anything we can do to improve the look or functionality.

One of our favorite new additions is this blog section.  Here we hope to post and comment on interesting events or new technologies that might help to better serve you and your business.   Please feel free to comment on anything you see here and tell us what’s going on in your world.

Well stay tuned for now and have a great day!