Technology Advisor Blog

Get a Text Message Notification for Important eMails

Posted by Ann Westerheim on Thu, Feb 26, 2015 @ 08:02 AM

Mail_NotificationsHave you ever been waiting for an important email and stuck filtering through your entire cluttered Inbox to check for it repeatedly until it arrives?  With Ekaru cloud-based Exchange mail, you can set up a Text Message notification so you'll see when the important email arrives without needing to constantly check your Inbox.  

To access your settings, log into Webmail, and select "Options" on the upper right hand side of your home page, and then select "See All Options". On the left navigation, select "Phone" and then select the "Text Messaging" Button.

From there, you can "Turn on Notifications".  You'll be asked to enter your information for your carrier and your phone number, and will then need to authenticate.  After notifications are turned on, you'll be able to set up "rules".

Mailbox_RuleTo set up notification "rules", click on the link that says "E-Mail notifications using an Inbox Rule". There are many different types of rules you can set up, but in this case, you'll select "It was received from...", and then select the email address you're interested in.  

You'll then be able to apply the rule "Send a text message to..."

If you are waiting for an important email, or perhaps receive some critical business notifications during the day, this is a way to help organize and cut through the clutter of your Inbox.  

 

Wiring Closet / Network Gear: Are you a Felix or an Oscar?

Posted by Ann Westerheim on Mon, Feb 09, 2015 @ 12:02 PM

Wiring_Clean_upDoes your wiring closet look like a neatly organized space or a tangled web of wires and black boxes?  Your wiring closet is where your Internet and phone connections enter your office, and this is the heart of your network infrastructure.  How the area looks isn't about cosmetics, but rather, critical for network up time.
Here's a photo of a network we recently worked on for a small office.  The changes we made were relatively minor, but have a tremendous impact on the ability to rapidly troubleshoot and remediate network issues.
Here are some of the things we recommend:
  1. Router is clearly labeled
  2. Switch is clearly labeled
  3. Network gear is placed on shelving or a rack so nothing is stacked on top of anything.
  4. Color coded wires of an appropriate length are used to connect the switch and patch panel
  5. All ports are labeled on the patch panel so we know what wire goes to what office (with a corresponding number on the network jack)
  6. Wires are wrapped and bundled so connections are easy to visualize

Over time, equipment gets swapped out, Internet providers are changed, and office staff size changes.  It's natural that over time, the wiring closet gets a bit chaotic (just like your clothes closet at home).  In addition, workers may start storing other equipment in the room.  As a "best practice", we recommend at least a yearly clean up to keep things in order.

When a problem occurs, the time savings to quickly diagnose and remediate an issue is critical.   In many cases, we can recommend quick self-help over the phone to power cycle a router or switch that can often mean your network will be back up in minutes.  When things are organized and labeled, the guess work is removed.

Keep the area neat and organized, and swap out old equipment.  If you spot any network gear that's five years old, its time to replace it BEFORE it fails.  

Seven Questions for your Annual Technology Plan

Posted by Ann Westerheim on Thu, Feb 05, 2015 @ 15:02 PM

2015_Technology_PlanIt's that time of year - time for planning.  You may have already completed your yearly plan in the Fall, but if you're like many small businesses, you're wearing many hats and even though January has passed, it's still planning season.

As techies, when we hear the word "technology", we start thinking immediately about routers, switches, servers, operating systems, VPNs and all the different things we work with each day.  To form a technology PLAN for your business, the important place to start is to think about your business, and then see how technology can help move you forward with your goals.  

Here are the top seven questions we recommend exploring as you put together your technology plan for the year.

  1. What was your biggest business accomplishment in the past year?
  2. What is your top goal for the next year?
  3. If your business was at its absolute best, what would be different?
  4. What are the top three things getting in your way with respect to technology?  What are people grumbling about in the hallway?
  5. What is your biggest drain on productivity/profit right now?
  6. What are some things you've seen other business do that you wish you could do?
  7. What is the biggest change you see on the horizon for your industry?

To get the most from technology, it's important to think about  technology as a strategic tool to meet your goals and move beyond the mindset of technology as a necessary evil involving replacing things with newer things, or repairing what's broken.  Start with what you want for your business in the next year, and then see what role technology can play.

Is your password 123456? Change it TODAY!

Posted by Ann Westerheim on Thu, Jan 22, 2015 @ 13:01 PM

computer_helpThe annual list of the worst passwords for 2014 has been posted.  Last year, there were over three million leaked passwords.  One of the interesting by-products of these leaks is the list of the top passwords.  SplashData posted their list of the top-25 (and therefore, worst!) passwords.  If you see any of your passwords on this list, change it!

1    123456 (Unchanged from 2013) 
2    password (Unchanged) 
3    12345 (Up 17) 
4    12345678 (Down 1) 
5    qwerty (Down 1) 
6    1234567890 (Unchanged) 
7    1234 (Up 9) 
8    baseball (New) 
9    dragon (New) 
10    football (New) 
11    1234567 (Down 4) 
12    monkey (Up 5) 
13    letmein (Up 1) 
14    abc123 (Down 9) 
15    111111 (Down 8) 
16    mustang (New) 
17    access (New) 
18    shadow (Unchanged) 
19    master (New) 
20    michael (New) 
21    superman (New) 
22    696969 (New) 
23    123123 (Down 12) 
24    batman (New) 
25    trustno1 (Down 1)

Interesting to note that the number one password has been unchanged for years.  I even saw it on a nationally televised game show a few years back.

Your security is only as good as your weakest link. Passwords should be "strong".  That is, passwords should be at least eight characters long, and contain uppercase letters, lowercase letters, and symbols.  At your next staff meeting, share this list with EVERYONE in your small business.

What is a Data Breach?

Posted by Ann Westerheim on Tue, Jan 20, 2015 @ 16:01 PM

Laptop Work-10Recently one of our clients got a system infected with a virus and worried about whether or not they needed to report it.  First, it IS possible to get a virus even though you're doing everything right, such as maintaining up-to-date anti virus protection, firewall protection, and security patch updates.  But in most cases, although viruses can create a lot of damage and disruption, no data is exposed to the wrong hands.

The Massachusetts Data Protection Law and many industry-specific standards such as HIPAA have rules regarding breach disclosure requirements.  To gain more insight into what actually constitutes a breach, here is a definition of a breach from the HHS.gov website (Health and Human Services).  In this case, the language specifically relates to protected health information, but similar guidelines can be used ot understand other protected information.

“Definition of Breach

A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information.  An impermissible use or disclosure of protected health information is presumed to be a breach unless the covered entity or business associate, as applicable, demonstrates that there is a low probability that the protected health information has been compromised based on a risk assessment of at least the following factors:

  1. The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification;
  2. The unauthorized person who used the protected health information or to whom the disclosure was made;
  3. Whether the protected health information was actually acquired or viewed; and
  4. The extent to which the risk to the protected health information has been mitigated.”

In some cases, viruses can introduce key-logging software that could lead to a breach, but in general there is no “use or disclosure”.  The damage done by a virus may be thought of as analogous to someone physically damaging your computer with a hammer.  It's damaged, and harm was done, but no information was disclosed - more of an act of vandalism as compared to theft.

We strongly advise all clients to keep up to date with security training and make sure all employees understand the need for maintaining up to date security protection.

Tags: Security Requirements, breach,

New Years Computer Security Resolution - Lock your Computer!

Posted by Ann Westerheim on Wed, Jan 07, 2015 @ 08:01 AM

Windows-Key_L-1It's a new year and time for resolutions. With data security in the news almost every day, and several very high profile breaches last year (Sony, Home Depot, Staples), we recommend data security at the top of your technology plan for 2015.  
Here's a real simple tip to get started on the right path.  Get in the habit of ALWAYS locking your computer when you leave your work area even just for a few minutes.  Its quick - simpy hit the Windows Logo Key and the "L" key and your system will be locked. Raising awareness to all your employees will help keep your data safe.  This is one New Years resolution that's so simple there's no excuses!  Make it a company policy and at your next staff meeting remind everyone to take action. 

Team Collaboration - Sync and Share in the Cloud

Posted by Ann Westerheim on Thu, Dec 11, 2014 @ 09:12 AM

Sync_-On-Line_ViewWith remote working and team collaboration now commonplace, employees demand anytime, anywhere access to their work files.  When the workplace lacks these tools, employees take productivity into their own hands using their personal mobile devices and free or low cost consumer grade productivity apps to get stuff done.  What they may not know is that these devices and consumer grade solutions typically lack the rigid security requirements that businesses demand and therefore are unintentionally introducing risk into the workplace.  In order to minimize risk and maintain a secure environment, you need to standardize and develop use policies around data access.  A good place to start is to standardize on your file sync and share solution.  Let us help you make that transition easily and securely.

Remote access to an on-premise server has been the standard "business class" way of collaborating for years. However, in today's mobile world, it gets complicated to maintain and its time for reinvention - "Server 2.0" in the cloud.  Sync247 was built for business with enhanced security features designed to protect information security , with an easy-to-use intuitive interface to ensure adoption and compliance for your employees.

Its easy to use.  Access a folder on your desktop where you can drag and drop files just like any other folder on your desktop, or access files on line through a web browser.

Sync_-_Send_FileUsers can set "permissions" to share information to different people or groups of people in their workplace, and alsos send files to outside users with a link.  This is great when you're working with large files and email won't handle them.  You can also set the link to expire in a fixed amount of time and password protect the link.

 

 

Key features are summarized below:

Ensure Fast Employee Adoption with Easy-to-Use Service

•   Intuitive and elegant design requires little to no training

•   Impressive file rendering across multiple devices

•   Easy to use files and folders with convenient full text search

 

Enable Simple, Secure Team Collaboration

•  File locks, change tracking and notifications and commenting

•  Permission based share folders (full access, modify or read-only)

•  Protect public links with passwords and expiration dates

•  Unlimited file size support

 

Sync, Store and Access Files from Anywhere, From Any Device

•   Undelete feature offers fast file recovery

•   Desktop application support: Mac and Windows

•   Mobile apps support: iOS and Android

•   Web access to your files when you are away from your devices

 

Built for Business with Advanced Admin Control and Permissions

•   Audit trails about users, devices, and files for compliance and security purposes

Contact us for a demo at support@ekaru.com.  

Homeland Security Posts Alert for Windows 2003

Posted by Ann Westerheim on Mon, Nov 17, 2014 @ 10:11 AM

The Department of Homeland Security has issued an Windows_Server_2003alert for Windows Server 2003 (TA14-310A).   Microsoft is ending support for the Windows 2003 Operating System on July 14, 2015. After this time you will no longer receive security patch updates to protect against viruses, malware and other security threats.  There will also no longer be any software updates or technical support available from Microsoft after this time.

After July 14, 2015 systems running Server 2003 will be at risk for many cyber-security threats.  In addition, your business will be out of compliance for the MA Data Security Law, HIPAA, and other industry security compliance protocols.  Because of this, we're asking all clients to start planning NOW to prepare for the migration to a new server.

All products have a life-cycle and this is part of the standard Microsoft product life cycle management.  Last Spring, Windows XP was retired and now Windows Server 2003 is the next major operating system on the list.  As of July of this year, there were an estimated 12 million servers running Windows Server 2003 worldwide, so there will be a lot of work to bring systems up to date.  In general, if server hardware more than five years old, we recommend refreshing the hardware.

 

 

Is my UPS a Generator? Power Management for your Business

Posted by Ann Westerheim on Wed, Sep 10, 2014 @ 08:09 AM

LighteningIs my UPS a Generator?  This might sound like a crazy question, and we're not talking about the delivery service with the brown trucks, we're talking about an Uninterruptible Power Supply (UPS). With last weekend's severe thunder storms in the area (and winter on the way), it's a good time to think about Power Management.

As a general rule, all computers, servers, and network equipment should be protected with a UPS.  In some cases, you may need a big battery to keep a system on for short outages, or just enough to enable a safe shutdown, and protect from spikes/variations in power.  

It's important to know that a UPS isn't a generator - it doesn't keep your power running for extended periods of time such as when the power is out for hours or days.  The UPS will keep your system running for typically for a few minutes (depends on the battery size), and if the power isn't restored, the software will trigger a safe shutdown of your computer or server. The UPS also protects you against power surges and spikes, voltage sags, and frequency differences (when the power is not at 60Hertz).  Features to consider when selecting a UPS is the size of the battery, and software capabilities to enable a safe shut down. Some units also provide the ability to power cycle equipment over a network.   Longer run times will greatly increase cost (bigger battery).  

As a quick check of your technology,  servers, computers, or network gear should be never be plugged directly into the wall.  In addition, any printers or other electronics should, at a minimum, be protected with a surge protector power strip.  Note that power strips should not be connected to a UPS, they should only be plugged into the wall.  

Should my monitor be connected to the UPS or just a surge protector?, If you're just interested in safe shutdown, your monitor doesn't need to be connected to the UPS, but if you intend to run for a period of time, then your monitor should be connected.   Long power outages are rare, but you may also consider a generator for your business.

And always remember to save your files frequently and close them when you're done working, and make sure you have a robust backup. 

 

Tags: Power management, UPS, Surge protector

What's a "Patch Policy" and why do I need one?

Posted by Ann Westerheim on Tue, Aug 26, 2014 @ 07:08 AM

Security Patch PolicySecurity is the top technology concern among small business owners, and the flood of information about new security threats can seem overwhelming at times.  Just about every week we see a new headline about a new threat or breach.  

One of the most important actions to protect against threats is to keep your software up to date.  In fact, the Massachusetts Data Security Law and other industry-specific compliance rules require up to date security updates:  "For files containing personal information on a system that is connected to the Internet, there must be reasonably up-to-date firewall protection and operating system security patches..."  

Every month, Microsoft releases new security updates on "Patch Tuesday" which is the second Tuesday of the month.  These security updates are free with your licensed products, but they need to be installed to be effective.  As you may know, you can turn on "automatic" updates with Microsoft, and get all the updates, but in many cases, blindly installing the updates can be a problem in a business environment and we don't recommend Automatic Updates. This is why our "best practice" is to test updates before installation and create a "patch policy" to manage installation.  Just last week, Microsoft repealed security updates that were linked to blue-screened systems.  The software is so complex, and occasionally a patch gets released that has unintended interactions.  One of the most common is that many line-of-business applications won't run with the latest version of Internet Explorer, and a blind update will cause problems.  

We get a lot of questions about this, and we thought it would be useful to explain the reasoning behind the generation of a patch policy.  As a general rule, we'll install all Microsoft Operating System, Office, and other critical patches after testing.  In general, critical patches will be tested within 24 hours, and lower priority patches will be tested within one to two weeks.  

Sometimes customers look at the Automatic Updates information from Microsoft and become alarmed that they are not getting automatic updates, and the reason is that we test patches first.  Our software monitors for patch compliance, and we are automatically notified when there is a problem and we can report back to users as needed.  Each month, we review the list of installed patches and have a person on our team who specifically reviews sites every day for compliance.

Additional patches that are installed include Apple operating system patches (for MACs), and also "third party" patches such as Adobe Acrobat, Flash, Reader, Safari, Mozilla Firefox, Java, among others.  As a general rule, we install hardware drivers on an as-needed basis as these are very specific to different systems and configurations.

The next most important feature of a patch strategy is to manage reboots.  Many security patches require reboots for installation, and some patches are sequential in that the next patch can't install before the first installation is complete.  For servers, we generally program a scheduled reboot after security patch installation at a scheduled time to minimize disruption to the office (generally in the midnight to 5am window).  In a few cases, some line-of-business applications are known to not gracefully start after a reboot, and instead we schedule attended reboots so that the server and applications can be checked after the reboot.  We'll call the office and schedule a specific time that works.

For desktops, we generally don't schedule forced reboots because of the potential disruption this can cause a user.  If someone forgets to close an important document, or they're working at an odd time, a scheduled reboot can be annoying.  Also, if a system is "asleep" during the scheduled time, the reboot will be attempted when the computer is "awake" again, and this can be annoying as well.  We monitor reports of systems in need of reboot, and typically communicate with the office to let them know who needs a reboot.  Also we ask all users to reboot at least weekly.  In a few cases, we have scheduled site-wide reboot times, and if we see consistent problems with reboot compliance, we will strongly recommend this.

Data security is critical for protecting your business, and security updates are the first line of defense.  Every month we get questions about security patches, and we hope this post has addressed some of your questions.  Let us know!

 

Tags: Microsoft Security Patches, Patch Policy, Compliance

Subscribe by Email

Browse by Tag

Connect With Us

Older Blog Posts

For older Ekaru blog posts, go to ekaru.blogspot.com.