Tis the Season – Holiday wishes and email scams

Tis the Season – Holiday wishes and email scams

Dec 13, 18
Bob Daugherty
No Comments

It’s the holidays again and along with the holiday wishes come a big bag of email scams.  Hers is a link to a good article from the Better Business Bureau about types of holiday scams.

Article by the BBB Article on Holiday Scams

Take a few minutes to review this article.  Be careful of email links. 

Have a Safe and Happy Holiday Season.

20 Questions You Should Be Able to Answer About Your IT, Part 2

May 02, 17
James Osborne
No Comments

Blogger: James Osborne, Technology Consultant at Osborne Technology Consulting

This is the second in a four part series of blog posts from our 22 March ITMA meeting, “20 Questions You Should Be Able to Answer About Your IT”. Part 1 covered Hardware, Software and other equipment. Part 2 covers Security Concerns and other Policies. Part 3 will cover DR/BCP and IT Department Processes, and Part 4 will cover Miscellaneous Topics. The presentation itself is available HERE.


#6 – Do You Have a Cyber Security Breach Response Plan?
Your odds of suffering a cyberattack vary greatly depending upon your size, industry and exposure.  Health care, for example, is a prime target for attackers.  81% of health care companies suffered a breach over the last two years.  While you can reduce your odds of being breached from a cyberattack, it’s still a possibility you should face.

Having a written Response Plan will provide you with guidelines to respond quickly.  Working on the plan BEFORE any incident happens ensures that you are thinking clearly and dispassionately about how to respond, rather than reacting in the moment.  It also provided you with time to research responses and their repercussions, rather than making a panic stricken response that may be ill-advised.

 

#7 – Do You Have An Emergency Action Plan
There are many threats to our day to day operations – tornadoes, fires, criminal activity, chemical spills, etc, can all impact our businesses.  If a neighboring tenant has a fire, will the sprinklers affect your offices?  If a disgruntled employee storms in with a gun, how do you respond?  What if the estranged spouse of an employee makes bomb threats?

Many buildings now require tenants to have a written Emergency Action Plan (EAP).  They may require periodic testing.  If yours doesn’t, you might wish to consider developing one anyway.  The slight loss in productivity from testing your plan will be worth it should you ever need to actually enact your plan.

While these aren’t necessarily technology challenges, they do spill over.  You can ensure that your plan requires people to bring their laptops, provided it’s safe to do so.

 

#8 – Do You Have a Communications Plan?
How do you alert staff to ‘snow days’?  How do you tell people to not come in because there’s been a chemical spill?  How do you tell people that you’ve had a power outage, and they should work from home for the day?

In years past, many have used a ‘phone tree’ to communicate with staff.  It works, but it’s cumbersome and takes a while with any sizeable group.  E-mail notifications can be effective, but only if your staff all have access to e-mail and check it regularly.  Text messages can also be effective, but again, only if your staff have access to text messages.  Whatever method is used, you must be certain that it’s not reliant on your network resources, as they may be unavailable.

 

#9 – Do You Perform Security Audits?
Unless you’re in the business of Information Technology Security, you likely have many holes in your security.  After all, it’s not a core competency, so it shouldn’t be a surprise if you don’t have everything nailed down.  Even if you’re a IT Security expert, there are likely some holes in your security.  If you don’t perform internal security audits, you should probably contact that work out on a regular basis.

There are many providers out there who would be happy to provide various levels of security audits, from simple network probes to sophisticated ‘social networking’ attacks.  Maybe you’re running an older firmware version on your firewall, or have ports that were left open for an old project.  Maybe you haven’t updated some of your software and there’s a known exploit out there that could allow nefarious individuals into your network.  Maybe your staff are just too trusting and need to be educated how to deal with threats.   Just like you go to a specialist if you have a thyroid problem or suffer from migraine headaches, you should seek the assistance of a security specialist.

However, simple having a security audit performed is not enough….you must follow their recommendations and plug any holes they find.  Unfortunately, many companies who contract an external security audit do not use the audit findings to secure their network.  Either they’re unable to get buy-in from management and earmark the funds necessary to address the issues, or they were compelled to have the audit done for some reason and have no interest in responding to it.  This is as irresponsible as going to your doctor because of some complaint and then ignoring her recommendations and prescriptions.

 

#10 – Do You Have Complete Network Documentation?
As any who know me can attest, Network documentation is a cause of mine.  I frequently have to come into an existing network and try to figure out how things are done because there is no documentation.  Or, worse yet, documentation exists, but it’s inadequate, incomplete or inaccurate documentation.

Network documentation should cover everything in your environment – servers, workstations, print/scan, backup, your cabling infrastructure, your telephony, etc.  If it’s something your responsible for, you should have documentation for it.

People are often unwilling to devote the time to develop good documentation.  Either they feel they’re too busy, or they feel that they have a good handle on things on their own.  Or, they may feel that not making documentation available is some sort of job security.

Good documentation should enable anyone to get into your systems and do the work they need to do.  This includes a consultant assisting with an Office 365 migration, an IT intern adding a new network printer, or your replacement attempting to determine what equipment should be upgraded in the coming years.  Good documentation should also allow you to completely replace everything should Aliens ever take your building – inventory of all hardware and software, contracts, contacts, notes, configurations, etc.

20 Questions You Should Be Able to Answer About Your IT, Part 1

Apr 14, 17
Admin
No Comments

Blogger: James Osborne, Technology Consultant at Osborne Technology Consulting

This is the first in a four part series of blog posts from our 22 March ITMA meeting, “20 Questions You Should Be Able to Answer About Your IT”.  This post covers Hardware, Software and other equipment.  Part 2 will cover Security Concerns and other Policies.  Part 3 will cover DR/BCP and IT Department Processes, and Part 4 will cover Miscellaneous Topics.  The presentation itself is available HERE.

——————————————————————————————————–

#1 – Do you have a hardware refresh policy?
If you aren’t refreshing your hardware you are losing money in productivity. This could be due to down time from using older, possibly failing equipment.  This could simply be from not having as powerful equipment as is available.   For example, if you’re still using traditional hard drives your staff may be spending four or five minutes each reboot twiddling their thumbs.  Newer Solid State Drives cut this time dramatically.

Generally speaking, we try to replace our laptops and desktops at least every four years.  But you should also remember your servers, printers, scanners, UPS’, phone hardware and networking equipment.  At no point should you be running hardware that the vendor will no longer warranty.  If they don’t trust it enough to be willing to accept your money for a warranty, you shouldn’t be relying on it.  Remember, as equipment gets older, the cost of support/warranty/agreements goes up.

 

#2 – What is your software update policy?

Sometimes it’s difficult to test Microsoft updates. However, not applying security and critical updates can leave you vulnerable, and possible cause software conflicts. Many people take critical updates, and try to check out other updates, but that can be an awkward process.

All of our software packages get updated from time to time….some very frequently, some only a few times a year.  Falling behind will often cost you more than keeping updated, both in terms of dollars and cents and time and productivity.  As a consultant, I often find people using a four or five year old version of Quickbooks because they didn’t want to spend the money to update it.  When they have problems, my time alone is usually more than it would have cost to stay current.  Depending upon what’s happened, their lost productivity may double that cost, or more.  Often, not getting the latest features and enhancements will cost you in productivity.  And, if you don’t update, you frequently find yourself unsupported.

 

#3 – Do you know how much “spare juice” your system has?

Few things are worse than running out of disc space.  Workstations performance drops when disk space is less than 10%.  Users never clean up files.  Odds are they have at least five or six copies of any particular spreadsheet on their computer.

In a virtual environment, it’s very easy to spin up new VM’s for a new server, or to test something out.  Most times, you’ll thin provision a hard drive, because it gives you the best performance.  But, as you use it, it will consume more and more space.  If you’re not monitoring things, you can easily find yourself dramatically over provisioning space and running out of free space.

You can over provision RAM and CPU cycles, but you have to be careful.  If your get to greedy, you can find your performance on all VM’s impacted.

You also need to look at your print environment.  The printer or copier that you had available for one workgroup two years ago may no longer be sufficient for their work load.  Or, it may be overkill.

You also need to monitor your access points – too many users for an access point will greatly degrade service for all involved.

Finally, will your UPS keep all your equipment connected and running, and for how long?  Is it long enough?  Have you reconsidered your battery backups in light of your current load?

 

#4 – Do you have a growth or capacity plan?

Knowing what your current capacity is will help you anticipate growth and plan for more VM’s, faster printers, additional AP’s, additional switches, more powerful UPS’s, etc.

Management should help you with planning for future growth, but you should also track current usage.  Watching growth patterns can be difficult, but necessary for budgeting and implementation planning.

 

#5 – Backup support and equipment vendors.

We all have vendors we prefer to work with.  We may like the sales guy, or go to church with the owner’s family.  But, cultivating multiple relationships can help protect your interests.  Sending our requests for proposals to multiple vendors on a regular basis can help ‘keep them honest’ in that they don’t assume they have your business locked in.

Having multiple vendors in your pocket is also a good safety net…. you never know when your vendor will lose the tech you like or change their business model.  Both have happened to members in the past.

 

The Importance of Networking from a Self-Proclaimed Introvert

Nov 02, 16
Bob Daugherty
No Comments

Like most of us I get a lot of email with a lot of junk.  But occasionally there’s very interesting and sometimes insightful information buried in the mix.  I recently read an article by Erin Cheever, Project Manager at Boomer Consulting about the importance of networking.  Erin, like many IT professionals is a self-proclaimed introvert.

Sometimes networking and company events are stressful to those of us who aren’t naturally extroverted.  I particularly liked Erin comments about networking not being about sales.

Networking is Not About Selling

What is networking not? Selling. A large part of my realization about the benefits of networking was getting past the fact that it is not selling and it is not all about business. My background is not in the accounting profession, so I was often intimidated about talking to accounting professionals about those topics or ideas. But by looking at the conversation as a way to create a relationship and get to know an individual on a personal basis it became easier and more natural. I took selling out of the conversation, and it took the pressure away.

Making those contacts and building those relationships will benefit your career greatly.  It’s like presentation skills, (another great benefit to your career) it gets easier the more you do it.

Erin’s take on networking should put you a bit at ease.  You can read Erin’s full article at http://boomer.site-ym.com/blogpost/1330975/259385/The-Importance-of-Networking-from-a-Self-Proclaimed-Introvert and you can read her bio at http://www.boomer.com/?page=ErinCheever

Conference, User Groups and Networking Opportunities – why they are so important to your career.

Jun 30, 16
Bob Daugherty
,
No Comments

Blogger: Bob Daugherty,  IT Director at DMLO

I’m fortunate at my firm that they understand the importance of networking and learning from others in your field. CPA and most service firms understand this is beneficial for accountants, lawyers, architects and other professionals.  Not every firm understands how important network and learning is for IT professionals.

I recently returned from the AICPA Practitioners and Tech Conference. Great conference! If you’re an IT professional at a CPA firm, this is the conference to attend.  Tons of great information both on technology issues and running a CPA firm.  I spent my time on the IT track and met some really interesting people and learned some cool and helpful new stuff.

It’s just not possible these days for IT professionals to learn everything they need from manuals, web sites, self-learning tools and of course trial and error. Talking to my peers and other IT professionals has helped me tremendously over the years.  I go to every conference and/or event with one or more questions to I ask everyone I meet.  This conference it was about using the Surface Pro 4 as a laptop replacements. I was surprised by how many are making this work successfully.  Time to test it myself.  Watch for future posts about how this is going.

Attending conferences, user group meeting such as the ITMA gives me the opportunity to bounce ideas for projects off people who have already done them.   The owners of my firm are always asking about what other firms are doing.  At these events and meetings I hear about what other firms are doing, what worked and what didn’t, and sometimes I get answers to problems I haven’t figured out, or even didn’t know I was going to have.  Makes my job easier and saves me a lot of wasted time and frustration.

Plus, it’s nice to have people around who know what your struggles and frustrations are all about. And it’s fun to swap stories about end users and partners.  The only downside is that sometimes you wind up with an action list as long as your arm.  23 action items and counting from the conference I just got back from.  Next post – how to handle a task list that is out of control.

How good is your network documentation?

Jun 18, 16
Admin
, ,
No Comments

Blogger: James Osborne, Technology Consultant at Osborne Technology Consulting

How good is your network documentation?  If you were to win the lottery today and retire to Bora Bora (my version of the ‘hit by a bus’ scenario – I find it less depressing), would your replacement be able to ‘hit the ground running’?  If ‘aliens took your building’, would you be able to recreate everything? Do your current vendors provide you with documentation after they complete project work?

We should all know how important network documentation is to any organization. While you know your server names, and some of your IP addresses and print queues, do you really remember routing rules in your firewall?  Or all of the security groups and who has access to what? Good documentation frees you from having to remember how things were configured when you need to make changes. Good documentation also assists you when you have new staff trying to do something, or when you have a consultant working with you for some project. You can send them to the documentation rather than holding their hands for the entire process.

Virtually none of the clients I’ve worked with over the years have had great documentation; most have had no documentation. This doesn’t mean their networks weren’t setup properly, or well maintained. It just means that whoever had been working with their technology didn’t bother to write down what they knew. I’ve always tried to keep accurate and ample documentation wherever I’ve worked, and it’s always been worth the extra effort. It’s saved me from having to remember every little detail, and it’s been useful when I’ve had to hand things over to others. I’ve always feel it’s something that the client is entitled to – they’re paying for the hardware and software, and deserve good documentation of what they purchased.

While working with one of my clients recently, we brought in another IT consulting firm (Mirazon) to assist on a project. I’d worked with Mirazon before, and always found their engineers to be competent and friendly. I was surprised this time when they presented me with 40-odd pages of documentation at the end of the engagement. The documentation included numerous screen captures, and an updated network diagram. Finally, their documentation was subject to in-house peer-review – an engineer who hadn’t worked on the project came in and double checked the documentation.

I discussed this with the engineer who’d worked on the project and he commented that Mirazon endeavors to make this standard practice for all of their work.

Why you need 5 email accounts, my personal views on email.

May 25, 16
Bob Daugherty
, ,
No Comments

Blogger: Bob Daugherty,  IT Director at DMLO

We all have an email address.  I have a few, five actually.  As an IT professional I’m always preaching about email clutter, junk, spam and protecting our end users.  For the most part I practice what I preach, but even the best effort gets your email account hacked.  Recently my personal email account was hacked.

Fortunately, it was only one of my five email accounts.  Why do I have five email account?  Crazy you say, maybe, but here’s what I think.  I use free emails accounts from Google, Microsoft and Yahoo.  Don’t use the email account that comes with your internet provider for anything.  If you change providers, you may lose or worse you may have to pay to keep that account.  Now that’s crazy.

First you have your work account.  Only use this for true business communications that you would let your boss read.  If it’s a work email it belongs to the company. They can legally read every email, and they just might.  As IT professional we need to make sure our end users understand this and suggest they have at least one personal email address if not more than one.

You need a catch all account.  This was the account that got hacked and frankly I’m surprised it took this long.  I’ve had this account for years and I use it for every web subscription, survey or form that wants an email address and everyone wants one.  I know they are going to sell my email.address.  That can’t be helped these days. And I’m OK with that because that email can be easily dumped and replaced.

If you every buy anything online, you need a separate shopping account.  Again, I use a free one.  You will get some junk since they might sell you email address, but it’s nice to have your order confirmation, invoices and shipment tracking emails all in one place.   And you can “unsubscribe” from some of the junk.  Read their privacy statements about sharing your info and be careful of those checkboxes at the bottom of any on-line agreements.  You may be saying yes to more than you think.

Don’t use your shopping email account with any online banking or credit card accounts. Get a separate financial email for those sites. Never give this one out to anyone, including those in the next group.

Your friends and family email account is the hardest one to replace.  But only because it’s the one you’re probably the most emotionally attached to.  If you have family members and friends that email you pictures, holiday ecards and other stuff you just can’t part with or easily replace it’s going to be hard to give up this account.  Be stingy with this email account.  Tell your family and friends never to share it.  if you get junk in this accounts it’s probably because your friends and family only have one email account.  Send them this post.

That’s my 5 email accounts! It may seem excessive, but mobile devices can easily handle multiple accounts so it’s easy to keep up with them.   I actually have a hobby email account as well but that’s a different story.

If an account gets hacked or it seems like every junk mailer in the world has it, abandon it. Create a new one, stop sending from the old one and move anything you need over and forget it.  Eventually it will go away, well probably not, but it was free and now it’s full of junk anyway.

Microsoft or Linux. Pay or Free. Closed architecture or open source.

May 12, 16
Bob Daugherty
, ,
No Comments

Guest Blogger: Tucker Oldham, Business Development Manager / Technology Consultant at NDS (www.ndsit.net)

These are the traditional arguments IT personnel have wrestled with for years.   For the majority of businesses, the answer has always been Microsoft.   Although the ability to reduce cost has been intriguing, the thought of putting mission critical data on an operating system with poor or no support is simply not realistic for most IT directors of a small to medium business.

Still, in the corner of the data center there is the IP phone system that runs on a hardened version of Linux.   95% of the server environment is virtualized and runs on VMware using Linux.   The firewall has a proprietary version of Linux running IPS/IDS.

“If some of the best technologies in my datacenter already run on a version of it, why can’t I take better advantage?”   It is the question most IT directors ask as they spin up another Microsoft server and apply untold numbers of patches and wonder what on earth they are getting for their licensing, CAL and assurance fees.

When you consider looking at implementing open source solutions, I’d recommend using the following check list.

  • It’s not a rip and replace scenario. When considering an open source platform, don’t think of it as a forklift upgrade of your OS.   There is a reason Microsoft is the operating system leader in the server world.   Active Directory is an excellent solution for maintaining controls of your users and your environment. Many of your applications may not even be able to run on a Linux platform.
  • Think stability and security. There are reasons your firewall, phone system, and hypervisor is running on Linux.   Some of the biggest are stability and security.   Taking advantage of the open source community, Linux tends to be more stable, have less vulnerabilities, and patches come faster when vulnerabilities are discovered. At a minimum, when considering a new application, ask the vendor if they have a Linux version. If they do, chances are the security and stability of the application will be improved.
  1. The cloud changes everything.   In November 2015, Microsoft announced support for Red Hat Linux on its Azure Cloud platform.   It followed that announcement with an announcement in the spring of 2016 that SQL would be supported on Linux.   Red Hat and Linux enthusiasts will tell stories that this is because Microsoft is finally admitting an open source platform is secure and stable. The reality is Microsoft understands that the future is not at the OS layer because you won’t be hosting the OS.   The OS will be simply a part of the cloud service you purchase mitigating its importance. The reality is the days of a single OS are numbered.   The future has a mixture of both.
  • Think about the solution not the operating system. Apple recently moved from VMware to Red Hat’s virtualization platform reducing the costs of hypervisor licensing.   Casio Computer’s implemented Red Hat’s storage solution to reduce the cost of its backup solution. E*Trade used Red Hat’s JBoss middleware to develop its high volume trading solution.   Each of these enterprise companies did not start the process with “I want to look at Linux to reduce costs.” Each started with the idea of “what’s the right solution for the problem I’m having.”
  • Stop thinking it’s free. Even if the costs may be less, it’s not going to be worth it if the solution doesn’t work.  The popular misconception is open source = free.   To implement correctly in a business environment, the correct approach is using a Linux vendor, like Red Hat. These vendors supply you a tested and hardened version of Linux. They supply technical support, updates and upgrades on a regular basis.   They also provide your application vendors an operating system that can be certified for their software.

Because these solutions are subscription vs. license and maintenance based, they are often times cheaper.   This doesn’t necessarily mean the overall solution is guaranteed to be cheaper.    The savings your enterprise gains on the middleware side may be better utilized on the hardware side when implementing the solution. After all, it’s all about giving your enterprise and end users an even better experience through a faster more stable solution.    Every IT Director knows the solution never just stops on the software side of things.   Don’t get caught up in the idea that just because the software, middleware or operating system was less expensive that you can cut corners on the hardware its running on.

 

Tucker Oldham,  toldham@ndsit.net

How to tell if you’re infected with malware.

May 12, 16
Bob Daugherty
,
No Comments

Blogger: Bob Daugherty,  IT Director at DMLO

Convincing end users that they need to be doing regular virus/malware scan can be like telling yourself you need to eat more vegetables.  You know you should, but if you don’t listen to your own advice, how can you expect them to listen?

The problem is understanding the issue; how good vegetable are for you and how important regular scans are. Like you, I get lots of email articles on every topic related to IT.  I just got one from Malwarebytes that does a pretty good job explaining the symptoms of being infected.  It might just help your end users understand this problem better.  And maybe they will do more scans.

https://blog.malwarebytes.org/101/2016/05/how-to-tell-if-youre-infected-with-malware/?utm_source=double-opt-%20in&utm_medium=email-internal-b2c&utm_campaign=EM-May-1st-2016newsletter&utm_content=infect-with-malware

If you’re not familiar with Malwarebytes, you probably should be. They have a free product that does a pretty good job of cleaning things up that your regular anti-virus application might miss.  It’s a handy tool to have in your utility belt.

Backup at home like you do at the office.

May 12, 16
Bob Daugherty

No Comments

Blogger:  Bob Daugherty,  IT Director at DMLO

This post is kind of in line with my last one about using the same great enterprise tools at home (Manage your home computer protection the same way you manage it at the office).

For those of us, and I’m assuming this is most of us, that are using virtual servers and possibly virtual desktops you’re probably familiar with Veeam. It’s a great backup solution for your virtual network and if you haven’t looked at it, you might want to.

The problem with backup at the office has always been the workstations. Do you, don’t you, should you, could you…. You get the idea.   But we also have the same problem with the home computers we manage.  It’s a real pain to back them up regularly and there’s so many options and tools.

Now there’s one more and it might be the solution for both. Veeam Endpoint Backup Free.  Yes its free and its Windows 10 compatible.  If you’re a Veeam user you will really like this product, I’ve been testing for a couple weeks now on my home and office laptop and it seems to do everything it says it can.  The install is simple you get the same options you get with Veeam.  I haven’t tested multiple USB drives as my destination yet but that’s next.  It doesn’t give you a centralized management for multiple machines (you need to go to the paid version for that).  But you can backup multiple machines to the save storage location.

One of the things I like best about Veeam is the file level restore and the option to restore or copy to which is great when you don’t want to overwrite the original file. Veeam EndPoint Backup Free has this.  Full system recovery is also easy but you will need to create the bootable media that’s part of the initial setup to get to the Veeam tools.  The recovery media also contains some Windows recovery and repair tools which is nice to have.  If you’re worried about keeping track of your recovery media you do have the option of creating them as iso files.  Add some shared storage and you should be ready to go.  However, I haven’t figured out how to use one of my many free cloud storage account as of yet.  Easily backup all your home computers to the cloud and make it free.  Wouldn’t that be great?  I’m working on it.

So whether you want to backup your home computers or a few workstations at the office this may be the right tool. Check out the info on their web site.  https://www.veeam.com/endpoint-backup-free.html