The Acumen IT Support blog provides you with helpful articles about security topics.

Technology threats are a pervasive business problem. We know exactly how to protect your business from a security disaster. Some of our best practices include firewalls and anti-virus programs, Unified Threat Management, mobile and wireless security, VPN and passwords.

This web site provides a good overview.

Computer Security Wikipedia

Click, Click, BOOM – You’re in Business But Is Your Technology Ready?

Click, Click, BOOM – You’re in Business But Is Your Technology Ready?

It’s a fast business world. Brilliant business ideas can be conjured up at some hipster-filled vegan coffeehouse, a website is thrown together, and poof… in no time at all there is a living, breathing, small business venture accessible from anywhere in the world.

But as your head hits the pillow at night, with visions of becoming the next Mark Zuckerberg dancing in your head, understand that many obstacles will greet you on your road to entrepreneurial success. A fresh innovative idea is merely a start. For every successful startup like Groupon, there are even more that have faltered. Some great, even revolutionary, business concepts that just faded into obscurity; leaving behind nothing but tales of what could’ve been and insurmountable debt.

Failed business technology is often a big reason for this. Many startups think big but tend to operate small-minded to keep overhead and costs down. They then find themselves completely unprepared to meet the demands of growth, particularly when it comes to their IT infrastructure. There is no one-size fit all approach to how to manage technology for optimal efficiency, uptime, and profitability. Especially given the challenges of limited budgets and the need to keep overhead down.

So exactly how do SMBs make sound decisions regarding their technology infrastructure? Choices that are cost-effective enough to get their business off the ground and running without screwing them over once it truly takes off?

Combine On-Site and Off-Site Support for the Best of Both Worlds

Over 45% of SMBs have no dedicated in-house IT staff and no contracted IT consultant regularly monitoring and managing their technology. Roughly only 7 percent of SMBs have a full-time onsite IT technician on payroll. The rest rely on third-party on-call IT companies who appear only when technology goes haywire and disrupts business. These on-call companies can sometimes take a day or two to even show up, which means issues aren’t resolved in a timely and efficient manner. And did we mention they’re expensive?

Most SMBs say they simply can’t afford full-time in-house support. Even those who do budget for it face overwhelming challenges. They often experience a revolving door of on-site help who leave for a larger company and better salary once they’ve beefed up their resume. And those hires that do remain loyal often feel as if they have no reliable help and become overworked and frazzled as the business and their responsibilities grow. Discontent may even set in if wages aren’t raised proportionately to the added responsibilities, or if they grow bored of doing the same mundane repetitive work everyday.

But today’s SMB has access to technology that won’t drain resources. In particular, the evolution of cloud computing and managed services can either automate or re-assign a lot of the day-to-day caretaking of technology to remote employees, leaving onsite support available for more meaningful and potentially profitable projects.

Better yet, it saves money on equipment costs.

Whenever possible, a mix of on-premise and off-premise IT support is the best way to make your technology scalable and prepared for growth.

Contact us at Acumen Consulting

/by

How to Trim the Fat From Data Center Costs

How to Trim the Fat From Data Center Costs

When smaller businesses look to cut costs, they commonly take shortcuts that are risky to their bottom line. They may go out of their way to avoid upgrading dated hardware, buying software licenses, or increasing bandwidth. In some instances, they layoff in-house IT support, or avoid hiring new help, even as the business grows. This often leads to a very cranky and disgruntled “IT guy” with a bad attitude as he or she runs around the office putting out one fire after another – feeling overburdened and underpaid.

Operating even the most basic data center today means recurring operating expenses that aren’t affordable for most small-to-midsize businesses.

Unfortunately, SMBs just have to accept that keeping their data center alive and kicking means significant overhead and expenses. That’s just the way it is.

Or is it? There are actually several ways to reduce data center infrastructure costs without sacrificing the efficiency of your network, server, and applications, or the sanity of your IT guy.

Rent, Don’t Own: A data center needs experienced people and a virtual, always-on, 24/7 staff of administrators, networking experts, database specialists, systems managers, and dedicated IT personnel monitoring the network. From an economic perspective, it’s simply more logical to “rent” these workers rather than hire permanent employees.

Keep Things Remote & Energy Efficient: According to a study published by the U.S. Department of Commerce, the fastest-growing sources of U.S. energy consumption are data centers. This is due to the increased power supply required to run and cool a data center. Hardware sprawl is also a problem contributor, as most businesses have space limitations and lack the available room for any additional hardware.

Embrace Outsourcing

Both of the aforementioned cost control measures can be accomplished by outsourcing data center operating expenses. Outsourcing isn’t a dirty word. Managing IT on your own is difficult and far from cost effective. Outsourcing the day-to-day IT management responsibilities through a Managed Services Provider is a strategic way to improve the efficiency of operations and dramatically cut costs.

Is it any surprise that more and more SMBs today are tapping into the full spectrum of outsourced managed services to empower their business processes and reduce overhead? Are you?

Contact us at Acumen Consulting

/by

Inquiring SMBs Want to Know… What’s the Difference Between a Help Desk and NOC?

Inquiring SMBs Want to Know… What’s the Difference Between a Help Desk and NOC?

It’s no secret that any growing small-to-medium sized business must monitor and manage its business technology in the most cost-efficient way. The tricky part is figuring out how to do this without sacrificing the overall experience of the end-user. End-users can be clients and customers or employees. Both rely on the efficiency of a firm’s network, servers, and applications, and the availability of the company’s data center.

Thanks to the evolution of managed services, it’s actually possible these days to reduce costs, which strengthens IT support and infrastructure. It’s just a matter optimally integrating all available resources.

It’s a Staffing Conundrum for Most SMBs

Most SMBs tend to be short staffed. This isn’t just another reference to the many SMBs with little to no onsite tech support. While that’s true, and problematic, it’s actually all operations that tend to be short staffed.

Small yet growing companies and organizations aren’t just short on tech support; it seems like even their administrative assistant needs an assistant to keep up. Customer support and sales teams are also overworked, and often hindered by having to understand and troubleshoot tech problems when they have no tech expertise whatsoever.

There is no, “Hold for a moment, Sir. I’m about to transfer you to our tech support team.” There is no tech support team.

This is where managed service providers (MSPs) step in to save the day. MSPs help SMBs better manage their technology to achieve greater ROI (Return-on-Investment). One way they do this is by augmenting a SMBs existing on-site staff with the remote support of a 24/7 Network Operations Center (NOC) and Help Desk.

What’s the Difference Between a NOC and Help Desk?

This question is asked a lot because it’s really not uncommon to see both referenced interchangeably, which leaves many to assume they are one in the same. They are not. Here is the easiest way to distinguish between the two.

NOC: Most of the work performed by a NOC focuses on the network and systems. The NOC can almost be viewed as a mission control center. They monitor and manage an IT network. A 24/7 NOC typically monitors the network and system security, performance, and backup processes.

Help Desk: The Help Desk is more customer-oriented. The Help Desk has interaction with the end-user, or someone representing the end-user, to directly respond and resolve technical problems as they arise. Customers or employees can typically reach the Help Desk by clicking a support icon, emailing them, or dialing a toll-free number.

Do the Help Desk and the NOC Interact?

Although the NOC and Help Desk are different, they do work together, along with any in-house tech support, to provide cohesive tech solutions to end-users. The Help Desk typically has three tiers of support and may sometimes have to escalate tickets to the NOC for resolution.

This open communication, and ease of escalation, improves the end-user experience and serves as a proactive cost-efficient approach to managing SMB technology.

Contact us at Acumen Consulting

/by

The Good, The Bad, and the Ugly of Mobility and BYOD

The Good, The Bad, and the Ugly of Mobility and BYOD

There are a lot of advantages to mobility in today’s workforce, but the Bring-Your-Own-Device (BYOD) movement has also brought its share of headaches as well.

We live in a society where everyone must have the newest technology. We are inundated with ads reminding us that the smartphone or tablet we just bought a year ago is laughably outdated and inferior to the upgrade that just hit the market.

People who have just bought the latest technology don’t want to have to set it aside to use a separate company-issued device. As a result, businesses are beginning to grant these employee-owned devices access to their file and email servers, databases, and applications.

While this brings certain competitive advantages to employers, it naturally carries many risks, too.

Let’s begin with the pros of BYOD…

The Advantages of BYOD

Greater Flexibility and Productivity – Personal devices allow workers more flexibility, which in turn can increase productivity. Today’s employee isn’t restricted to their office workstation or cubicle. They can carry out job responsibilities from home, a coffee shop, their child’s dance recital, or while traveling.

Reduced Costs – Purchasing even the most basic Blackberry for an employee can cost a company $900+ per worker. Costs like that can be completely eliminated by adopting a BYOD policy where employees are required to use their own device.

Happier Employees/Attractiveness to Job Seekers – Recent studies have found that 44% of job seekers are attracted more to employers who are open to BYOD and occasional remote work. Beyond this hiring advantage over competition, it has been found that employees as a whole are generally happier using the devices they own and prefer for work purposes.

Better Customer Service – This goes hand and hand with more flexibility and productivity. Mobility allows employees to occasionally resolve or escalate urgent client issues outside of normal working hours, and clients remember that kind of response time.

And now the cons of BYOD…

Disadvantages of BYOD

Compromised Data Security – Unfortunately, letting employees use their own smartphones, tablets, and laptops increases the likelihood of sensitive company or customer/client data being compromised. It is important for companies to establish a comprehensive mobile device security policy and never make any exceptions to it whatsoever. Really. No exceptions. Ever.

Employee Privacy – Many employees may oppose using their own devices for work, especially if it’s a company requirement that they aren’t reimbursed for. You have to remember that these are the same devices employees use to log into their Facebook and Twitter accounts or do their online banking. In this age of constant paranoia over big brother watching our every move, employees may be concerned that their employer will spy on them or access their personal passwords and information.

Handling Employee Turnover – Companies must consider how they will address the retrieval of company data and information from an employee’s device if the employee either quits or is fired. Some companies may require that employees only save or edit company files on their servers or use cloud-based sharing software like Dropbox to share and edit docs.

The Importance of a Mobile Device Management Tool

Obviously, businesses must keep track of all of the devices that access their server, applications, and data. Mobile Device Management helps enterprises centralize what is an otherwise chaotic hodgepodge of devices and operating systems. This ensures that all devices are configured, deployed, and properly monitored and managed. This is a smart way for businesses to embrace BYOD while securing data and applications across multiple devices.

Contact us at Acumen Consulting

/by

Website cloning: Don’t fall for that trap!

Website cloning: Don’t fall for that trap!

Have you watched one of those horror movies where the something impersonates the protagonist only to wreak havoc later? Well, website cloning does the same thing–to your business–in real life. Website cloning is one of the most popular methods among scammers to fleece you of your money.

As the name suggests, the cybercriminal first creates a ‘clone’ site of the original one. There can be a clone of any website, though retail shopping sites, travel booking sites and banks are the favorites of cybercriminals. The clone site looks exactly like the original one, barring a very miniscule change in the url.

Next, they will create a trap intended to get unsuspecting victims to visit the clone site. This is usually done via links shared through emails, SMS messages or social media posts asking them to click on a link to the clone site. The message urges the recipient to take an action. For example, a message that presents itself as though it is from the IRS, asking the recipient to pay pending taxes by clicking on a specific link to avoid a fine or business shutdown, or an SMS about a time-bound discount on iPads. Sometimes, they go straight for the target and masquerade as a message from your bank asking you to authenticate your credentials by logging into your banking portal–the only glitch, the banking portal will be a clone.

Staying safe

So, how do you identify a clone website and a dubious message?

  • Does the email sound too good to be true? Well, then it probably is. Nike giving away free shoes? Emirates Airlines giving you free tickets to Europe? Apple iPhone X for just $20? All of these scream SCAM!
  • Even if the message sounds genuine, such as an email from your bank asking you to authenticate your login credentials, check the email header to see if the sender’s email domain matches your bank’s. For example, if your bank is Bank of America, the sender’s email ID should have that in the domain. Something like customercare@bankofamerica.com could be genuine, whereas, customercare@bankofamerica.net is suspicious.
  • Check the final URL before you enter any information to make sure it is the actual one. Most shopping/banking websites, where payments are made and other personal details are shared are secure (HTTPS)and will have a lock symbol at the beginning of the URL. Also, check the domain. For example, something like- www.customerauthentication.com/bankofamerica is not

Identifying a cloned website is tricky, but it is not something you can afford to ignore.Giving away your personal and financial information to a fraudster can cause a lot of harm to you and your business.

/by

BYOD=Bring your own disaster?

BYOD=Bring your own disaster?

Workplaces today have changed. They extend beyond the working hours, beyond the cubicles. Whether you are commuting to work or even vacationing, chances are you or your employees take a break from the break to reply to those important emails that require ‘immediate action’. Plus, there may even be employees who are not even on the same continent as you. What does all this mean for your business in terms of IT security? Does BYOD translate to bring your own disaster to work? This blog explores the risks of BYOD culture and offers tips on how you can avoid them.

When you adopt a BYOD culture at your business, you are opening the virtual floodgates to all kind of malwares and phishing attacks. Your employee may be storing work-related data on their personal devices and then clicking a malicious link they received on their personal email or (even whatsapp in case of tablets or smartphones) and put your entire network at risk. Secondly, you cannot control how your employees use their personal devices. They may connect to unauthorized networks, download unauthorized software programs, use outdated antivirus programs etc,. Even something as simple and harmless as the free wifi at the mall can spell danger for your data.

What you can do?

First of all, if you have decided to adopt the BYOD culture in your organization, ensure you have a strong BYOD policy in place. It should cover the dos and don’ts and define boundaries and responsibilities related to the BYOD environment.

It also makes sense for you to invest in strong antivirus software and mandate those employees following the BYOD model to install it. You can also conduct device audits to ensure your employee’s personal devices are up-to-date in terms of software, security and firewall requirements to the extent that they are safe to be used for work purpose.

And one of the most important aspects–train your employees on the best practices related to basic data security, access and BYOD environments. This will ensure that they don’t make mistakes that prove costly to you. You can conduct mock drills, tests and certifications and provide the BYOD privilege to only those who clear your tests. You could also use positive and negative reinforcements to ensure everyone takes it seriously.

BYOD is great in terms of the flexibility it lends to both–the employer and the employee, and the trend is here to stay. It is up to businesses to ensure it helps more than it can hurt.

/by

Get smart about smartphones

Get smart about smartphones

With flexible working schedules, remote teams and Bring Your Own Device (BYOD) policies in force, it is has become commonplace for employees and business owners alike to use smartphones for work purposes. A quick reply to an email, sharing that sales presentation, glancing over that vendor proposal–all on a smartphone–is something we all do on a daily basis. But with this convenience comes great security risks.

This blog discusses what they are and how you can avoid them.

Mobile devices are lost/stolen more easily

Unlike desktop computers, your smartphones and tablets are easier to steal. O, you may even forget yours at the restroom in the mall or in the subway, and along with it, goes all confidential data.

Phishing: Avoid biting the bait

A smartphone user is more likely to fall for a phishing scam on two accounts–one, with messaging apps like whatsapp, facebook messenger, etc., chances of getting phishing links are higher. The smaller screen size can make it difficult to clearly verify the authenticity of the site being visited.

Free Wi-Fi = free malware

Free wifi makes everyone happy. The smartphone user, the shopkeepers and also malware distributors! Your smartphone literally travels everywhere with you. The mall, the coffee shop, the movies and then to work as well. Just like how humans can catch the flu and make everyone at work sick, your mobile device can get infected with a malware and spread it across your network in the office.

What you can do?

You have antivirus for your computers, why not for your smartphones and tablets? We all know how disastrous a malware attack can be to your data, devices and your brand, in general. Consider installing antivirus software in your mobile devices to safeguard them from such attacks.

How do you prevent misuse of your debit card? With a PIN number, right? You can do the same to your phone by protecting it with a passcode so the miscreant will not be able to use it to access your data. Also, there are apps that let you wipe out all the data from your smartphone remotely in case you lose your device.

Be careful when downloading data and even 3rd party apps on your phone. Double check URLs when browsing online using your phone and don’t click on messages with links that seems malicious. In such cases, remember, if something seems too good to be true, it almost always is. Chances are, you may have not won that million dollar lottery or that all-expenses-paid trip to Europe.

And, spread the word amongst your employees. Their phone has the power to damage your brand! Take care.

/by

Why you need the cloud?

Why you need the cloud?

When talking to our clients, we have noticed that SMBs often think the cloud is something for their bigger counterparts to explore. We hear objections like, “But, it’s too complicated.”, “The cloud sounds expensive.”, “We are a small business, we don’t think we need the cloud.”, Hold on!

In reality, it is the SMBs that benefit the most from the cloud. Here’s how…

The cloud grows with you

Yes, you may be a SMB today and perhaps a few desktops and in-house hard-disks are sufficient as of now. However, as you grow, your data storage needs will increase and you will need much more than a few external hard-disks. Servers become expensive and wholly owning one is not very cost-effective.Change the dynamic:he cloud grows with you–you can scale up or down on cloud usage easily and save on costs. Plus, when using cloud storage, you are sharing your server space with others, so you essentially pay for only what you use.

Security is not your concern

When you store your data in-house, the headache of security, backups and updates falls on you. However, with the cloud, all of that becomes your cloud service provider’s responsibility. You focus on running your business and your cloud service provider will take care of your data’s security and accessibility. .

Accessibility

When you store your data on the cloud, it is accessible from anywhere using the internet. That lends a lot of flexibility to you. You or your employees don’t have to be in the in the office or have immediate access to their computers to be able to work. A quick order can be processed or an invoice can be raised even using an iPad or a smartphone!

So, don’t you think it may be beneficial to get a little ‘cloudy’? For more, download our whitepaper- Demystifying the cloud in layman’s terms

/by

Don’t sign up with that MSP just yet!

Don’t sign up with that MSP just yet!

The decision to sign up with a MSP is a big one–you are essentially trusting someone with the backbone of your business–your technology infrastructure, so you need to make sure you pick someone with whom you can have a mutually beneficial, long-term relationship. This blog discusses what you need to know before you sign up with a MSP.

Values: Your MSP is your technology partner and for your partnership to be smooth, make sure you pick a MSP whose core value system matches yours as a business.

Knowledge, skill set and experience: Does your MSP have the skillset and the resources to cover all your IT needs? Are they experienced in working with SMBs? How long have they been in the business? Make sure you have satisfactory answers to these questions before you bring your MSP on board.

Flexibility: Does your MSP let you pick and choose whatever services you want, or do they sell it as a fixed package? Having the option to choose what you want lets you invest your money where you really need to.

Service and support: You are opting for a MSP so you can get solid IT support–the kind you can’t get with an in-house IT team owing to resource constraints. So, make sure your MSP will actually provide you that. Talking to their existing clients can help you figure out how good they are in terms of service and support.

To have a MSP manage your IT needs successfully, you need to create a strong partnership with them, where they help you grow and are agile enough to scale up or down to suit your business demands. There are plenty of MSPs in the market, but not everyone will fit well with your needs.

Our recent whitepaper explores this in detail as it discusses the 8 things you need to know before you partner with a MSP for your IT services. Please click here to download the whitepaper.

/by

The biggest threat to your IT infrastructure: Your own employees

The biggest threat to your I.T infrastructure: Your own employees

Did you know that your employees often unwittingly ‘help’ cybercriminals gain access to your system? Often, employees play a part in compromising the security of your IT infrastructure, even without them realizing it. For example-

When your employees use their own devices for work purposes such as to access emails, to connect to work servers or to work on office files. In the event their device gets infected by a malware or hacked, the virus or the hacker gets access to your data as well. Your employees may put your network at risk by connecting to unauthorized networks, downloading unauthorized software, using outdated antivirus programs etc, on their personal devices and then using it to access work files.Then, there’s the chance of them losing their devices such as smartphones, laptops or tablets putting your data at risk.

Your employees may also fall victim to phishing messages and scams and expose your network to the biggest risks out there, unintentionally. Plus, there’s always a slim chance that a disgruntled employee looking to make a few quick bucks may actually compromise on confidential business data intentionally.

So, what can you do to keep your IT safe?

  • Train your employees through drills, workshops and classroom training sessions that help them identify possible IT security threats
  • Establish clear IT usage policies related to password management, use of personal devices, data sharing and internet access
  • Conduct timely audits and have positive and negative reinforcements in place to ensure policy adherence
  • Install physical and virtual security mechanisms like CCTVs, biometric access, software programs to track employee activities when they are accessing your network and data, etc.,

IT is the lifeblood of your business and when you let your employees access your IT network, you are, in a way, trusting them with your business. Make sure they are trained and trustworthy enough.

/by

3 things your Managed Services Provider (MSP) wants you know

3 things your Managed Services Provider (MSP) wants you know

Are you considering bringing a MSP on board? Or perhaps you already have one. Either way, for you to truly benefit from your relationship with a MSP, you need to build a solid bond with them. As a MSP who has been in this business for long, I can tell you the 3 important steps that will help you get there.

Share, share, share

Your MSP is your IT doctor. Just as you would share everything about your health with your doctor, you need to share everything related to your business that impacts your IT, with your MSP. Give us an overview of your business and answer questions such as

  • What you do exactly as a business
  • Who are your key clients
  • Which industry verticals do you serve
  • What are your peak and lull seasons, if you have them
  • What are the core regulatory codes that apply to you based on the industries you work for
  • What are your business expansion plans for the near future and in the long run

Sometimes clients shy away from discussing all these things because they don’t trust the MSP enough. There is a fear of the MSP sharing business plans and other confidential information with their competitors. As a MSP, I can tell you that we work best with clients who trust us. When you are trusting us with the lifeblood of your business–your IT infrastructure, you should be able to trust us with your plans for your business.

Let’s talk often

While it’s great that you outsource your IT completely to us, it is still important that we meet and talk. Your business needs may change over time and we don’t want to be caught off-guard. We know you are busy, but set some time aside every month or even every quarter to catch up with us and discuss your IT challenges and needs.

Take us seriously

Your IT is our business, and we take our business very seriously. So, when we tell you something, such as–to implement strong password policies, limit data access, upgrade antivirus, etc., please take notice!

Teamwork forms the core of any successful relationship. Same holds true for your relationship with your MSP. Trust us, pay attention to us and hear us out. We’d love that…and we’d love to work with you!

/by

Don’t make these IT mistakes as you grow!

Don’t make these IT mistakes as you grow!

During the course of IT consultancy, we come across a lot of clients who are not happy with the way their IT shaped up over the years. They feel their IT investments never really yielded the kind of returns they expected and come to us looking to change the trend. When analyzing the reasons for the failure of their IT investment, here’s what we come across most often.

Not prioritizing IT

This is the #1 mistake SMBs make. When focusing on growing their business, most SMBs think marketing, sales and inventory, but very few consider allocating resources–monetary or otherwise towards IT. IT is seen as a cost-center, rarely prioritized and any investment in IT is made begrudgingly.

Going for the fastest, latest or even the ‘best’ technology–which may not be the best for you

This is in contrast to the issue discussed above. Many SMBs realize the key role that IT plays in their business success. But they tend to get carried away and invest in the latest IT trends without considering whether it fits their business needs well, or if they really need it. Sometimes it is just a case of keeping up with the Joneses. But, why spend on the fastest computers or largest hard drives when you get only incremental productivity benefits?

Your team is not with you

When you bring in new technology or even new IT policies, it is your team that needs to work on it on a daily basis. If your staff is not on the same page with you, your IT investment is unlikely to succeed. So, before you make that transition from local desktops to the cloud, or from Windows to iOs or roll out that new BYOD policy, make sure you have your staff on your side.

You are not sure how to put it to good use

The lure of new technology is like a shiny, new toy. Investing in something popular and then not using it to its maximum is commonplace. Make sure you make the most of your investment in IT by providing your staff with adequate training on how to use it.

IT can seem challenging to navigate when you have to do it all by yourself. It entails steep costs when taken care of in-house. Add to that the complex task of deciding what IT investment you will benefit the most from and then training your team to use it…all of this is pretty daunting when you have to do it all by yourself. A MSP has the experience and expertise needed to be your trusted partner and guide in these challenges, helping you make the most of your IT investment.

/by

IT Red Flags to Watch Out For

IT Red Flags to Watch Out For

As someone running a SMB, you probably have a lot on your plate. You are the core decision maker, responsible for growing your business, keeping your clients happy and getting all the working done. Often, when you have so much going on, one area that gets overlooked is IT. When you are so busy looking into other things, the start of IT issues may slip your watchful eyes. In this blog, we discuss the IT red flags that you need to watch out for.

Adware ambush

This happens generally when your internet browser has been hijacked and an adware has been sneaked into your system. When you try to surf the net using a hijacked browser, you will find online ads popping up everywhere. And by that we don’t mean the few sponsored search results or a couple of ads that show up when you browse a site. We are talking about ads showing up just about everywhere on your browser. Even a simple link click will take you to an unintended page. It is so evident, you just cannot miss identifying an adware ambush!

Strange pop-ups

Much like the Adware ambush, strange pop-ups show up when you least expect them. For example, you may be trying to open a presentation or a document and a series of pop-up windows will appear before you are allowed access to the file. Watch out for these, as they indicate the presence of a malware in your system.

Spam/Fake emails

If, all of a sudden, you see a lot of spam emails being sent from your/your staff’s official email IDs, there may be a worm at work. Often email worms enter the IT system through the download of one infected file and then replicate themselves across the network via email. Worms do this by penetrating the victim’s email security and spread itself across all of the victim’s email contact list through automated emails that look as if they were actually sent by the victim. So, is Sam from Accounting sending you a lot of junk emails? Probably time to get his PC checked.

A lot of what used to work before is now broken

We all have minor software and hardware issues here and there. But, if all of a sudden, a lot of stuff that used to be up and running seems to be broken, it screams “Red alert”! It could mean that the malware is slowly taking over your IT system, one program at a time.

Bottomline–Surprises are good, but not so much in IT. If you find anything amiss, anything different, like a machine that suddenly slowed down, or a program that just doesn’t work anymore or a new plug-in added to your browser or a new homepage, it’s better to take a deeper look and arrest the problem before it spreads elsewhere wreaking havoc through your IT network.

/by

Assessing your MSP in the first appointment

Assessing your MSP in the first appointment

Handing over your IT to a MSP is a major decision. Who do you choose and more importantly, how? While there’s no rulebook that will tell you exactly how to proceed, here are a few hints that can help you decide how invested your prospective MSP is into you.

How well do they know your industry vertical

It is important that your MSP truly understands the industry-specific IT challenges you face so they can help you overcome those challenges effectively. For example, do you have a commonly used software program or any governmental or regulatory mandates that you must be adhering to. Is your MSP knowledgeable on that front?

How well do they know you and your values

How well does this MSP know your business in particular. Have they invested time in learning a bit about you from sources other than you–like your website, press releases, etc.? Do they understand your mission, vision and values and are they on the same page as you on those? This is important because you and your MSP have to work as a team and when start to see things from your point of view, it is going to be easier for you to build a mutually trusting, lasting relationship with them.

References and testimonials

References are a great tool to assess your prospective MSPs. Ask them to provide you with as many references and testimonials as they can. It would be even better if their references and testimonials are from clients who happen to know you personally, or are in the same industry vertical as you or are well-known brands that need no introduction.

Are they talking in jargons or talking so you understand

Your MSP is an IT whiz, but most likely you are not. So, instead of throwing IT terminology (jargons) on you, they should be speaking in simple layman terms so you understand and are comfortable having a conversation with them. If that doesn’t happen, then probably they are not the right fit for you.

Were they on time

Did your MSP show up when they said they would? Punctuality goes a long way in business relationships and more so in this case as you want your IT person to ‘be there’ when an emergency strikes.

While there are many factors that go into making the MSP-client relationship a success, the ones discussed above can be assessed during your very first meeting. They are kind of like very basic prerequisites. Make sure these basic conditions are fulfilled before you decide on a second meeting.

/by

Hiring seasonal staff? Here are a few things to consider from the IT

Hiring seasonal staff? Here are a few things to consider from the IT perspective

In many industries, there are seasonal spikes in business around specific times. For example, CPAs/Accounting firms, though busy all year, generally see a spike in business around the time of tax planning, IRS return filing, etc., the retail industry sees a boom around the Holiday Season, and so on. During such peak times, it is common practice in the industry to employ part-time staff to meet the immediate resource needs. While this works well in terms of costs and for handling additional work/client inflow, this poses a few challenges from the IT perspective. In this blog, we explore those challenges so you know what to watch out for before bringing part-time staff on board.

Security

When you are hiring someone part-time, security could be a concern. You or your HR person may have done a background check, but their risk score nevertheless remains much higher than permanent employees who are on your payroll. Trusting a temp worker with customer and business data is a risky choice.

Infrastructure

Having seasonal employees is a good solution to temporary spike in workload. But, there is still a need to provide your temps with the resources they need to perform their tasks efficiently. Computers, server space, internet and phone connectivity, all need to be made available to your temp workforce as well.

Lack of training

Your permanent employees will most likely have been trained in IT Security best practices, but what about your temps? When hiring short-term staff, SMBs and even bigger organizations rarely invest any time or resources in general training and induction. Usually brought in during the peak seasons, temps are expected to get going at the earliest. Often IT drills and security trainings have no place in such hurried schedules.

Collaboration needs

Often businesses hire seasonal staff from across the country or even the globe because it may offer cost savings. In such cases when the seasonal staff is working remotely, there is a need to ensure the work environment is seamless. High quality collaboration tools for file sharing and access and communication needs to be in place.
Having part-time or seasonal staff is an excellent solution to time-specific resource needs. However, for it to work as intended–smoothly and in-tandem with the work happening at your office, and without any untoward happenings–such as a security breach, businesses need to consider the aspects discussed above. A MSP will be able to help by managing them for you, in which case hiring temps will be all you need to think of.

/by

3 Things to consider before you sign-up with a cloud services provider

3 Things to consider before you sign-up with a cloud services provider

More and more SMBs are migrating to the cloud and that is not a surprise considering the numerous benefits the cloud can offer them. For a SMB, the cloud is a cost efficient and secure answer to their growing data needs and IT security requirements. The cloud grows with them and lets them scale their business without worrying about a corresponding rise in IT costs. Plus, with the cloud, the important aspects of security and backups are mostly taken care of by the cloud service provider. And then, there’s the convenience of any-time-anywhere data access. With all these benefits that the cloud brings, what’s there to think about before signing up with a cloud service provider? While are a lot of benefits of storing your data on the cloud, but your data is still yours, so there are a few things you need to know and be comfortable with before you jump onto the cloud.

Data storage location

Ask your cloud services provider where, (as in the location of the data center) your data will be stored. Ask them if they have multiple data centers and if yes, then, will they be backing up your data and storing them at different places. It is great if your cloud services provider does that, since that ensures higher safety of your data.

How secure will your data be?

Yes. When you hire a cloud services provider, a major chunk of your data’s security responsibility is passed onto them. You don’t have to really worry about your data security, but, you still need to know how they plan to keep your data safe. Ask your cloud services provider for details regarding their data security procedure. Have them share all policies, SOPs and data security frameworks that they claim to have in place.

Past performance/data loss history

Everyone talks about their best projects in a sales meeting. What you really need to know are the worst ones. Ask your cloud services provider to share with you their data loss/downtime trends for the past one year. Observe the trend. How often does their system give way and how long does it last? This is important for you to understand, because this metric translates into loss of business for you.

And finally, don’t forget to ask for a client list. Like we said before, everyone highlights the good things about themselves in a sales meeting. If you really want to know how good your cloud service provider is, ask them for a client list–both current and past. Check how many of them are from your industry vertical. Try reaching out to those who are willing to talk. Find out what they like the most about your cloud service provider and what aspects they find negative. Find out why their former customers left them. Usually customers are pretty good indicators of the quality of service a business provides. Hope these tips help you finding a cloud service provider who fits in well with your needs.

/by

Firewall Management

Read more
/by

GDPR

Read more
/by

Virus and Spyware Removal

/by

Barracuda NG Firewall

/by

Barracuda Spam and Virus Protection

/by

Cisco ASA Firewall

/by

McAfee Enterprise Firewall

/by

SonicWall Firewalls

/by

SonicWall SSL-VPN

/by

ZixCorp Email Encryption

/by

Sophos Unified Threat Management

/by

mod_evasive doesn’t work with current Apache

Starting with Apache 2.4.1, mod_evasive stores the violation counts PER CHILD. Attackers don’t hit the same child enough times in the time interval to trip the system.
If you have 100 child threads, then you are diluted 1/100 for the time interval

DO NOT USE mod_evasive.

You can slightly improve the performance by editing httpd.conf:
KeepAlive On
MaxRequestsPerChild 0
MinSpareServers somelowvalue
MaxSpareServer somelowvalue

You could use mod_security instead
but it won’t ban IP addresses
yum install mod_security (install mod_security)
yum install mod-security_crs (install OWASP security rules for mod_security)

After installing mod_security, you may get a FAILED message at service httpd restart
You’ll find a similar message in /var/log/httpd/error_log
[alert] (EAI 2)Name or service not known: mod_unique_id: unable to find IPv4 address of “myserver.mydomain.local”
BE CERTAIN that the HOSTNAME value in /etc/syscconfig/network is also a 127.0.0.1 record in /etc/hosts

Use fail2ban
yum install fail2ban
vi /etc/fail2ban/jail.local
[apache-banhermes]
enabled = true
filter = apache-banhermes
logpath = /var/log/httpd/access_log
maxretry = 1
bantime = 60000
action = iptables-multiport[name=banhermes, port=”http,https”]
backend = polling

vi /etc/fail2ban/filter.d/apache-banhermes.conf
[Definition]

failregex = ^<HOST> -.*”(GET|POST) \/hermes\/
ignoreregex =

service start fail2ban

 

For information about how Acumen can service your business, visit our About page.

For more information on Apache, visit their Official Site by clicking the link below:

https://httpd.apache.org/

/by

HOWTO: Update WP Plugins without File Transfer Protocal

In the interest of security we moved many of our websites to a new server and found that plugins suddenly refused to update without File Transfer Protocal credentials. This was obviously fine when wanted to do the updates and knew the FTP credentials but presented a problem because we like to encourage our clients to perform routine maintenance to keep their sites up to date.  Obviously they are not going to know the FTP information.

This server happens to use setfacl to further control user access to the site folders. We don’t believe this is the problem.

WordPress does attempts to write a file to wp-content as a test for directory access. For some reason this test seemed to be failing.

We bypassed the test by adding the following line to wp-config.php:

define(‘FS_METHOD’, ‘direct’);

When the file write test was bypassed, the plugin installed without requiring the File Transfer Protocal credentials.

We hope this helps you as well!

Official WordPress Logo - File Transfer Protocal

For more information about what Acumen can do for your business, visit our Contact page.

For more information about FTP Credentials for WordPress, click on the link below:

https://help.vaultpress.com/ftp/ 

/by

ZixCorp

/by

Symantec

/by

Sophos

/by

SonicWall

/by

Heartbleed Exploit

HeartBleed is a newly found OpenSSL exploit. It has been getting a lot of attention in the last few weeks because it leaves a large security hole on the majority of encrypted websites on the internet.

When accessing a secure Server that is using OpenSSL your computer will request a “Heart beat” to verify that there is a active connection to the server. This is accomplished by sending a piece of data of a specific size to the server to which you are connected and requesting that it be sent back to your computer.

The problem is that with this vulnerability someone can send a heartbeat request to a server but claim that the heart beat request is much longer than it actually is. The server will just assume that the the size of the request is accurate. And instead of sending back just the response, it will send back the response along with more information that is currently stored in the Servers buffer until it is the size that the original message claimed to be.

This is a very dangerous exploit that allows a attacker a look into the the servers buffer and see possible usernames and passwords among other things. Luckily the majority of Large companies like Google, Facebook, or banks had this patched as soon as this issue went public. It is very important that servers that send information over the internet have this exploit patched, because if they do not secure information on the server could be compromised.

We recommend you change your passwords for any important account, like for your bank or email. And verify that any server you own is patched as soon as possible.

Here is an Excellent video on the subject

Please contact our Network Support Team or call today at 314.333.3330 if you need help.

/by

No DNS/DHCP After Virus Removal

,

Recently, after removing a virus from a customer’s PC I encountered a problem while trying to get the PC back on the network. I tested the drop with another computer and it worked fine. The PC would not pull a DHCP address. I then gave the PC a static IP/DNS settings and the PC was able to ping 8.8.8.8 (which means it had access to the internet) but could not resolve google.com with multiple DNS settings.

I finally found my answer here This solution works perfectly but I’ll condense it below if you don’t want to follow the link.

The user ILS mentions that these symptoms are caused by a corrupted afd.sys file which is located at c:windowssystem32drivers. Either it is missing or infected.

A tool called Farbar System Scanner can be run on your Internet Services to verify the problem although you do not need to do this to try the fix.

Scan your system for another version of afd.sys and simply copy it over to the one in your driver folder

Next you need to modify the registry. Instructions are detailed in a post written by Broni here.

The easiest solution is to copy the Registry Entry from another PC that is working

If you get a permission problem when merging the Legacy_AFD, make sure you read Broni’s instructions on how to allow your user to change the permissions. For Windows 7, I used the following Broni written instructions:

  1. Start=>Run (alternatively use Windows key+R), type regedit and click OK.
  2. Navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumRoot
  3. Right-Click Root and select Permissions…
  4. Click Advanced.
  5. Under Owner tab select the entry starting with you user name, example: Farbar(Farbar-PCFarbar)
  6. Put a check mark next to Replace owner on subcontainers and objects and click Apply and OK.
  7. Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
  8. Click Apply and OK.

As stated by the author of the post, after doing the above you will be able to merge Legacy_AFD.

Even though that post is old, it works like a charm, we were able to fix 5 computers today, all of them were Windows 7.

Following those instructions I was able to get the computer back on the network and the user back to work.

If you need help with your computer or your network give us a call at 314.333.3330 and take a look at our IT Support page for more information.

/by

Exclude Print Devices in Symantec Endpoint Protection Manager

,

Exclude Print Devices in Symantec Endpoint Protection ManagerSymantec

 

Problem:

The protection manager was interfering with communication between:

Our Cannon printers and PCs.

To disable this globally, you must log into the Endpoint Protection Management Console and do the following:

Symantec Solution:

  1. Click Policies, then click Application and Device Control.
  2. Double-click the application and device control policy that is in use by affected clients.
  3. Click on Device Control.
  4. Under Devices Excluded From Blocking, click Add…
  5. Click Printing Devices, then click OK.

This solved a huge problem.

The Network Threat Protection aspect of this Endpoint Security was interfering with the PCs being able to print.

See our IT Services page for more ways we can help you!

For more information about Endpoint Security, visit the site below:

https://en.wikipedia.org/wiki/Endpoint_security

/by