Category Archives for Network Security

3 “Gotchas” Most IT Pros Won’t Tell You When Selling You Their Cloud Solution

Are you using any cloud applications to store data?

Then listen up!

There are a few “gotchas” you need to know about 3rd-party cloud apps that most sales reps will NEVER tell you.

  1. They aren’t responsible for keeping a backup of your data. If you read the small print of your contract, you’ll see that in every way possible, your cloud provider is NOT responsible for data loss or backups – even if it’s their fault. In fact, Office365 will only keep 3 days backup of your data; so if you delete or overwrite a file and don’t notice it until 4-5 days later, it’s GONE. If your data is important, you need to implement a backup solution that works with cloud applications.
  2. What you see may NOT be what you get. There’s nothing more frustrating than an incredibly slow application when you’re trying to work; and the salesperson demo’ing the application or platform is going to make sure you only see the BEST-case scenarios for performance. But there are a lot of things that can determine how fast your cloud applications run, such as the file size you’re working on, CPUs and RAM and storage, time of day, day of the week, your Internet connection and the number of users accessing the application. Make sure you get some verification of the speed in YOUR specific environment before spending a lot of money, time and aggravation moving to a new cloud application.
  3. What if they cancel you? Here’s a scary situation: what if your cloud provider decides to shut down your account because they go out of business or simply decide not to service you anymore? Or what if YOU want out? Make sure you have in writing what happens if YOU cancel your contract AND what your cloud provider can and cannot do if they go out of business, cancel your account or have any other issues that would cause service interruption. Moving a network from a cloud platform is NOT a simple task and you need to make sure you can get your data and that you’ll be given sufficient time to make the transition.

Need help interpreting any of these scenarios?

CIO has “gotcha” covered!

Give us a call at 314-414-8400.

We will help you put in place a solid “Plan B” for any of the above issues, so you never have to worry about your 3rd party cloud applications saying “gotcha, too late.”

 

 

Tech Troubles Just Waiting to Happen…

Is technology working smoothly in your business? For most, there are at least a few challenges and frustrations. However, even those lucky few who think they are in good shape may have hidden issues waiting to be uncovered. Here are some common “gotchas” that can cause a huge amount of grief if they aren’t caught in advance. Check into these potential trouble spots now to prevent disastrous issues later.

Security Updates are Stalled

With all the hacker attacks lately, you’ve surely heard how important it is to apply Microsoft patches on a regular basis. You can set these to apply automatically, and you may have done exactly that. If you think that makes you safe, think again. It is common for security updates to stall or fail from time to time, which means it’s very likely at least a few of your PCs are behind on patching and thus vulnerable to hacks. Your servers require reboots to complete certain patches, and those have to be done manually to avoid unexpected downtime. Those pending reboots can hold up additional patches that need to be applied. Again, you may not be as up-to-date as you think. Better safe than sorry – go check, now.

Default Passwords in Use

You have a password policy in place requiring complex passwords that change every few months, right? Believe it or not, the most common passwords in use are “password” and “123456.” How hard is that for a hacker to guess? For network equipment, hackers try the default administrator passwords that are factory-programmed. If your IT guy never bothered to change them, or you don’t have an IT guy and just plugged it in hoping it would work, you are easy prey.

Thinking You Will Know If You are Hacked

Most people are under the mistaken impression that they will know if they are hacked. Viruses like Cryptolocker make the news because they are so visible and bold. The virus encrypts all your data and requires a paid ransom to release it. These hackers use the “dark web” (a hidden part of the Internet) and BitCoin (a digital currency that is difficult to trace) so that their identities are not revealed. If you get hit with this hack, you’ll know it. However, more often a good hacker will leave no trace. They will get in, steal your data, and get out. Like the Cryptolocker hackers, they too rely on the dark web, where they can sell credit card numbers, social security numbers, and other financial data. They can make a lot of money doing this.

Unlicensed Software

Often as your company grows, your tech will reuse software licenses. If these are paid, and the right type of licenses, that’s just fine, but it’s easy to lose track or make a mistake in how they are used. “OEM” licenses, for example, cannot legally be transferred to another computer or server. Volume licenses let you have multiple activations, so you can keep using them, but you have to pay enough to cover what you are using. That may not seem like a big worry, but there is a very unfriendly organization called the Business Software Alliance (BSA) that seeks out companies with licensing issues. They pay handsomely for tips, to incent employees to tattle on their employers. They even advertise on Facebook these days, so they are becoming more and more visible. If you become the target of an investigation, you will need legal counsel, you could face 6-figure fines, and it will take a tremendous amount of time to resolve. It’s not worth the risk.

Expired Support Contracts

Nearly every tech vendor offers support contracts for their products, whether it’s hardware or software. The expense can add up fast. Vendors often let you choose different plans with different response times – for example, do you want to get replacement parts within 4 hours or is the next business day acceptable? Do you want to be able to call for help 24×7, or will business hour support be sufficient? When things are running smoothly you may feel like a lower level of support is just fine, but if you are in the middle of a crisis, consider what you would want in that case. If you call in only to find you no longer have support, you could spend precious hours just trying to sort that out before you can even start to get the help you need. Downtime is costly. When key equipment like a server or firewall fails, you need immediate assistance to get your business back on track.

Backup Failure

Once you get your backups set up, they just keep running…right? Unfortunately not. Backup jobs may work flawlessly for months on end, and then for no obvious reason they start failing. Or you may find that backups appear to work fine, but they were set up incorrectly, so you don’t have everything you need. Or the backups run successfully, but the recovery process fails. There are many points of failure in the backup process. The way to head off these problems is to do recovery tests at least a few times every year, and be sure to monitor the backup jobs in between. When you do a recovery test, you restore entire servers in a test environment to make sure they come up properly. The better quality backup software options have ways that this can be done easily, and regularly; with lesser quality products this can be a very complex, time-consuming endeavor. Don’t forget to test your offsite backups as well. If you don’t run these tests, you may find out the hard way that your backup didn’t work. Businesses that face a catastrophic data loss rarely survive.

Do It Now

Technology is complex, and it is easy to find potential problems lurking just beneath the surface. Everything here is important but not urgent – at least, it’s not urgent until a problem hits. Take action now to prevent devastating issues later.

 

Do I Need To Back Up Data That’s Already In The Cloud?

Picture1The computing world is forever changing.

Over the last 15 years, SaaS (software as a service) providers have offered the convenience of data backup for your cloud applications such as CRM systems, SalesForce, Google Apps and Microsoft Office365.

The business question is, if I’m already working with a SaaS provider and my data is already “in” the cloud, do I really need to back up my data to another cloud? After all, isn’t the SaaS provider doing that for me?

Well yes, and no.

Yes, your data (one of your company’s most valuable assets) is being backed up by the service provider. And yes, it’s in the cloud.  And yes, these providers have backups to their backups…but are they backing up your business-critical information? Can you guarantee that? And do you have access to it in a timely manner? The answer to these questions may be no.

As a rule, SaaS providers do not open backups to customers nor do they make restoring critical data easy or intuitive. For example, SalesForce, the first commercially available SaaS application, does nightly customer backups. But if you need to recover your data, you have to go directly to SalesForce and pay a minimum of $10,000 then wait a few weeks for your data to be restored.

There’s no question that the results of data loss can be devastating to your company. But when it comes down to it, it’s your company information and you need to take responsibility for safeguarding it.

You need to have a strategy in place.

Want to learn more about how to back up your cloud SAAS applications?  

To schedule a time to discuss your particular situation and what solutions are available for you, contact our office at:

314-414-8400 or here.

 

Windows Server 2003 Set To Expire July 14th! Is Your Business At Risk?

alertIf your organization is currently running either Microsoft Windows Server 2003 or Exchange 2003 on any servers in your office, you need to know about a dangerous security threat to your organization that must be addressed very soon.

Windows Server 2003 and Exchange 2003 Replacements MUST Be Made By July 14, 2015

Microsoft has officially announced that it will retire all support on the Server 2003 operating system on July 14, 2015. That means any business with this operating system still running will be completely exposed to serious hacker attacks aimed at taking control of your network, stealing data, crashing your system and inflicting a host of other business-crippling problems you do NOT want to have to deal with.

This is such a serious threat that the US Department Of Homeland Security has issued an official warning to all companies still running this operating system because firewalls and antivirus software will NOT be sufficient to completely protect your business from malicious attacks or data exfiltration. Running Server 2003 will also put many organizations out of compliance.

Unless you don’t care about cybercriminals running rampant in your company’s computer network, you MUST upgrade any equipment running this software.

FREE Windows Server 2003 Migration Plan Shows You The Easiest, Most Budget-Friendly Way To Upgrade Your Server

During the month of April, we are offering a FREE customized Windows Server 2003 migration plan to all businesses still running this operating system on any computers in their office.

At no cost, we’ll conduct a full analysis of your network to help you determine what specific servers will be affected by this announcement. Additionally, we will provide a detailed analysis of all upgrade options available to you, along with the pros and cons of each option. While there, we will also assess other security, backup and efficiency factors that could be costing you in productivity and hard dollars. We will then put together a customized Server 2003 Migration Plan specifically for your office.

To schedule your FREE on-site assessment and Windows Server 2003 Migration Plan today, contact us to get started.

Not sure if you need an upgrade or what server you are running?

We can help with that too!

Just contact us today and say:

Help! Is my business at risk?

 

Luck Is For Leprechauns—Is Your Business Prepared for Future Security Threats?

Picture3If your business hasn’t been the target of malicious intruders or cybercriminals, consider yourself lucky. Hackers are a relentless bunch and they want your gold: information and access they can use to exploit loopholes in your business’s Internet security. The last few years have been hard on companies all across the globe. And these cyber-breaches aren’t going to stop simply because the “damage has been done.” In the US and Canada, reported incidents have affected over 215 million consumers and over 7 million small businesses. And that’s only counting the attacks that authorities have uncovered.

For cybercriminals, there is no end game. All too often, small business owners assume they are outside the firing line and hackers aren’t interested in them. While the media focuses on the big cyber-attacks, there are countless other stories playing out at small businesses everywhere. Cybercriminals are constantly in search of loopholes and weak security. And, unfortunately, small businesses often have the weakest IT security.

Security industry analysts predict that 2015 won’t be much different from 2014 when it comes to cyber-security. There are going to be more data breaches. It’s just a matter of where and when. It’s also a matter of being prepared.

During the month of March, we are offering local businesses a FREE 12-Point Cyber-Security Audit to help uncover loopholes in your company’s online security. At no cost or obligation, our highly trained team of IT pros will come to your office and conduct this comprehensive audit. And after we’re done, we’ll prepare a customized “Report Of Findings” that will reveal specific vulnerabilities and a Prioritized Plan Of Attack for getting any problems addressed fast.

Because of the intense one-on-one time required to deliver these Cyber-Security Audits, we can only extend this offer to the first seven lucky companies who request it.

All you have to do is call our office at 314-414-8400 to request yours today.

 

Windows Server 2003: RIP 2015

In 2014, Microsoft ended support for Windows XP. In 2015, Windows Server 2003 is on the chopping block. Are you ready? Support ends July 14, 2015, which means you need to start planning your transition now.

Why It Matters

Your first question may be, “why does this matter?” If you have an old server running, and it’s completely stable, why mess with it, right? Aside from the obvious – no support – a key reason to upgrade is security.

We’ve had wave after wave of major security exploits this year. In many cases these exploits targeted older technology that was seemingly secure – for example, the HeartBleed bug. If new exploits come out that impact Windows Server 2003, there will be no patch. You will be vulnerable, which means you will be scrambling to upgrade on an emergency basis. If you get hit with a virus that exposes customer information, it could be a public relations nightmare.

Even if your own server doesn’t get hit, performing a server upgrade under those circumstances isn’t likely to go well. Bear in mind that software designed to run on Windows Server 2003 isn’t likely to play nicely with Windows Server 2012 (the current version). That means you’ll have to upgrade your software at the same time you upgrade your server.

A related issue is regulatory compliance. Most regulated industries, like medical or financial, require you to run on supported software. After July 14, 2015, you will be out of compliance and could be subject to penalties.

Your Options

The most obvious solution is to upgrade your server to a newer version. 2012 is the latest, although you can still get the 2008 version through Microsoft’s Volume Licensing Program.

However, you shouldn’t automatically assume a new server is the way to go. If you are running a software applications on an old server, check with your vendor to see if they have a hosted “cloud” version. If they do, consider migrating your software there. Then you can retire the server instead of replacing it.

If it’s running email and sharing files, check out cloud services like Office365 (from Microsoft). You’ll need a fast and reliable internet connection, but this is another case where you may be able to migrate to the cloud instead of replacing an old server.

There is one last option: you can pay Microsoft an exorbitant fee for ongoing support, but it is unbelievably expensive and intended only for large corporations.

If You Upgrade

If you decide to replace your Windows 2003 Server, where do you start? How do you plan?

First, inventory all software applications running on your old servers, so you know what you have to move. For each one, contact the vendor. Find out what has to be upgraded and how to handle migration. Renew your support contracts and be prepared to spend extra for upgrades. Don’t forget to check out training. New versions will likely be more intuitive and more efficient, but your team will need help if the latest version of the software looks completely different from what they use today.

Your worst case situation will be if you have old, custom software, or anything that cannot be upgraded to a new version. If you run into this, consider switching to a new software application that does the same function. It is terribly risky and expensive to keep running on old unsupported software versions, especially when it’s critical to business operations.

Next, check your hardware. If your server is more than four years old, you should upgrade to improve performance and reliability. In most cases it makes sense to virtualize your servers. This means that you use a tool like VMWare or Hyper-V that allows you to install multiple “virtual” servers on one physical server. It’s much like buying a building and having several tenants share the space and resources.

Finally, check your Microsoft software licenses. If you already have some newer servers, it’s possible you are already covered. In a virtual environment, there are a few exceptions but generally one Windows Server license can be used for two virtual servers. If not, you will need a Windows Server 2012 license. You will also need the appropriate number of CALs (client access licenses) which are dependent on the number of users or devices on your network. This is a one-time purchase that applies to the environment overall, so if you add more servers in the future you don’t need more CALs. You only add CALs when you add users or devices. If you are running Microsoft SQL Server, you’ll need to upgrade that as well.

At this point you know what you are migrating, but you still need to create a step-by-step plan. You can set up the new server in advance, but any software migrations will need to be carefully coordinated. Bring in the expertise you need to ensure a smooth transition; otherwise you could experience significant disruption to your business.

If You Move to the Cloud

If you are able to migrate your software to cloud applications, enlist your vendor early on to create a migration plan. The cloud version of your software may have different features that need to be configured, and your team may need training. There will be a data conversion step, where they take your data from the current system and move it into the online version. You’ll normally do this first in a test environment, to make sure it all works. Then you’ll pick a date for the actual migration. This could take an hour or a few days – it just depends on the complexity of your software.

Final Steps

Whether you upgrade or move to the cloud, there’s one last step: retiring your old servers. Turn them off, but keep them around for just a few months. Better safe than sorry – you may find something you missed. After that, have the data on the hard drives destroyed and turn them in for recycling. And enjoy your new applications and the efficiency they bring!