Is my UPS a Generator? This might sound like a crazy question, and we're not talking about the delivery service with the brown trucks, we're talking about an Uninterruptible Power Supply (UPS). With last weekend's severe thunder storms in the area (and winter on the way), it's a good time to think about Power Management.
As a general rule, all computers, servers, and network equipment should be protected with a UPS. In some cases, you may need a big battery to keep a system on for short outages, or just enough to enable a safe shutdown, and protect from spikes/variations in power.
It's important to know that a UPS isn't a generator - it doesn't keep your power running for extended periods of time such as when the power is out for hours or days. The UPS will keep your system running for typically for a few minutes (depends on the battery size), and if the power isn't restored, the software will trigger a safe shutdown of your computer or server. The UPS also protects you against power surges and spikes, voltage sags, and frequency differences (when the power is not at 60Hertz). Features to consider when selecting a UPS is the size of the battery, and software capabilities to enable a safe shut down. Some units also provide the ability to power cycle equipment over a network. Longer run times will greatly increase cost (bigger battery).
As a quick check of your technology, servers, computers, or network gear should be never be plugged directly into the wall. In addition, any printers or other electronics should, at a minimum, be protected with a surge protector power strip. Note that power strips should not be connected to a UPS, they should only be plugged into the wall.
Should my monitor be connected to the UPS or just a surge protector?, If you're just interested in safe shutdown, your monitor doesn't need to be connected to the UPS, but if you intend to run for a period of time, then your monitor should be connected. Long power outages are rare, but you may also consider a generator for your business.
And always remember to save your files frequently and close them when you're done working, and make sure you have a robust backup.
Security is the top technology concern among small business owners, and the flood of information about new security threats can seem overwhelming at times. Just about every week we see a new headline about a new threat or breach.
One of the most important actions to protect against threats is to keep your software up to date. In fact, the Massachusetts Data Security Law and other industry-specific compliance rules require up to date security updates: "For files containing personal information on a system that is connected to the Internet, there must be reasonably up-to-date firewall protection and operating system security patches..."
Every month, Microsoft releases new security updates on "Patch Tuesday" which is the second Tuesday of the month. These security updates are free with your licensed products, but they need to be installed to be effective. As you may know, you can turn on "automatic" updates with Microsoft, and get all the updates, but in many cases, blindly installing the updates can be a problem in a business environment and we don't recommend Automatic Updates. This is why our "best practice" is to test updates before installation and create a "patch policy" to manage installation. Just last week, Microsoft repealed security updates that were linked to blue-screened systems. The software is so complex, and occasionally a patch gets released that has unintended interactions. One of the most common is that many line-of-business applications won't run with the latest version of Internet Explorer, and a blind update will cause problems.
We get a lot of questions about this, and we thought it would be useful to explain the reasoning behind the generation of a patch policy. As a general rule, we'll install all Microsoft Operating System, Office, and other critical patches after testing. In general, critical patches will be tested within 24 hours, and lower priority patches will be tested within one to two weeks.
Sometimes customers look at the Automatic Updates information from Microsoft and become alarmed that they are not getting automatic updates, and the reason is that we test patches first. Our software monitors for patch compliance, and we are automatically notified when there is a problem and we can report back to users as needed. Each month, we review the list of installed patches and have a person on our team who specifically reviews sites every day for compliance.
Additional patches that are installed include Apple operating system patches (for MACs), and also "third party" patches such as Adobe Acrobat, Flash, Reader, Safari, Mozilla Firefox, Java, among others. As a general rule, we install hardware drivers on an as-needed basis as these are very specific to different systems and configurations.
The next most important feature of a patch strategy is to manage reboots. Many security patches require reboots for installation, and some patches are sequential in that the next patch can't install before the first installation is complete. For servers, we generally program a scheduled reboot after security patch installation at a scheduled time to minimize disruption to the office (generally in the midnight to 5am window). In a few cases, some line-of-business applications are known to not gracefully start after a reboot, and instead we schedule attended reboots so that the server and applications can be checked after the reboot. We'll call the office and schedule a specific time that works.
For desktops, we generally don't schedule forced reboots because of the potential disruption this can cause a user. If someone forgets to close an important document, or they're working at an odd time, a scheduled reboot can be annoying. Also, if a system is "asleep" during the scheduled time, the reboot will be attempted when the computer is "awake" again, and this can be annoying as well. We monitor reports of systems in need of reboot, and typically communicate with the office to let them know who needs a reboot. Also we ask all users to reboot at least weekly. In a few cases, we have scheduled site-wide reboot times, and if we see consistent problems with reboot compliance, we will strongly recommend this.
Data security is critical for protecting your business, and security updates are the first line of defense. Every month we get questions about security patches, and we hope this post has addressed some of your questions. Let us know!
Thank you! Thanks to everyone who sent in a customer survey card back in June! As promised, in appreciation for getting cards back, we donated a big box of socks to Boston Healthcare for the Homeless: 122 pairs of socks were donated!
In the survey, we asked clients: "How likely is it that you'd refer Ekaru to a colleague or a friend?" The overall core values repeatedly cited in the responses are responsiveness, knowledge, and friendly service, and we were pleased with the overall response (80% of cards were a 9 or 10 and over ½ of the cards were a 10). We want to keep improving our strengths, and of course we need to correct things when we fall short of expectations.
The key areas we are working on strengthening are better communication and follow-through on open issues. We’re working on call flow to get a faster response to support calls and a faster resolution including full root cause resolution. We’re also working on team coverage so that more resources can help you get faster resolution. Typically one person on the team works with you regularly and gets to know you very well, but to provide better coverage, we need other team members ready to step in seamlessly when needed.
Another thing a few people have asked for is simplified billing. Instead of hourly billing, we will also be offering fixed priced engineering support contracts based on the number of users at your site. Call us if you’re interested in exploring this.
Quick Tip: During a busy work day you may find your computer desktop cluttered with many open browser tabs and applications. Need to quickly get to your uncluttered desktop? Remember the Windows shortcut: Windows Key + D. Hit the Windows Key and then the "D" key and your desktop will appear.
If only this would magically work for the rest of a cluttered office!
Keep in mind that if your computer starts running slow, you probably need to actually close out the things you aren't actively using, but the shortcut is great for seeing the desktop fast.
Every day we review security patch compliance for all our clients with managed services coverage with us. Often, we see systems with security patches pending reboots. Many security patches require a reboot to install, and some security patches are sequential, so the next one won't install before the previous patch is complete. This can result in a system that isn't fully protected.
Server reboots are handled on a scheduled basis, but with desktop reboots, often we leave it to the user to reboot at their convenience to reduce the risk of disruption or lost files that aren't saved. As a general rule, we ask users to reboot (at least) weekly.
One thing we've noticed recently, is that many users think they're rebooting, but they're not. To clarify, here are the steps (in Windows 7).
- Click on the "Start Button" (Windows colorful flag in the lower left hand corner).
- Click on the arrow next to "Shut Down", and select "Restart" from the list. This closes all programs, shuts down Windows, and then restarts Windows again
If you see a yellow icon on the "Shutdown" button, then you need to select this option instead of "Restart", to completely power off your system. Keep in mind that you will need to manually restart the system with the power button with this option. If you're leaving for the day and want to remote in later, or you have a backup that runs over night, it's important to remember to power on your system again.
You'll also see many different choices - "Switch User", "Log off", "Lock", "Sleep", and "Hibernate". None of these is a reboot. A common mistake for laptop users is to always put the laptop to "sleep" by closing the lid and never rebooting. Some users mistakenly believe they did a reboot because they need to enter a password to log in again.
Remember to reboot your computer at least weekly! If you'd like us to set up an automated schedule for reboots, we can implement that for you, but keep in mind that all users need to get in the habit of not leaving files open and unsaved.
In our last post, we talked about suspicious emails that don't look so suspicious on the surface. Here is an example of an email to show you what to look for. In this case, a fake payroll report is being sent. A busy, distracted person may open this by mistake, or an opportunistic employee may try to open it to sneak a peek at confidential information. SLOW DOWN and check your mail carefully. Even with up to date antivirus protection and spam filtering, some emails CAN get through because they are engineered to get through. This can be a phishing email (trying to get confidential information) or a dangerous virus such as Cryptocker. Don't open the door!
- Multiple random email addresses are listed including some mispellings
- The subject line doesn't match what is actually used by this vendor (but this is tough to catch)
- The dates don't match - report date vs email "sent" date
- The instructions call for the user to download the file from Dropbox and this vendor would never transmit this type of information with consumer file sharing application
- The instructions mention Dropbox, but the link says Cubby (a different brand of file sharing)
- The link includes a .zip extension which is often used to hide executable files.
- There is no corporate email signature or information at the end of the email.
Many things to watch out for, and we thought it would be helpful to point them out. Please help spread the word by including this in your employee security training. You can click on the image to view a larger version which is easier to read.
We've all heard that we shouldn't open suspicious emails. They can be phishing scams (attempts to get personal information such as username, password, and account number), or contain viruses. The problem is, the "bad guys" know we're on the lookout, and the real danger lies in emails that are disguised to not look suspicious.
There's another round of Cryptolocker going around and this is just about the worst virus you can get. The virus attacks your files including any files you have on a networked device, and holds them for ransom. The virus often spreads through emails with very normal (and sometimes enticing) subject lines.
Here are some of the email subject lines to be on the lookout for:
- Scan from a Xerox WorkCentre
- USPS - Missed package delivery
- ACH Notification ("ADP Payroll")
- Voice Message from Unknown Caller
- Corporate eFax message from "random phone #" - 8 pages
- Important - New Outlook Settings
- Dun & Bradstreet Case Number
In some cases the emails look very routine such as a fax or a scan and you can see how easy it would be for someone to open the email on "autopilot". In other cases, they are designed to entice someone to open something they normally shouldn't have access to like a (fake) payroll report.
We've covered theses threats in our on-line training, newsletters, blog posts, social media feeds, but it's worth repeating - stay alert when opening email! When you slow down, you'll see the emails are always a bit off, or they may contain a "zip" attachment. If something is a bit off, STAY AWAY! It may be a criminal knocking on your door.
Outlook has a time saving "autocomplete" feature that's a big help most of the time, but can sometimes cause issues. When you compose a new email message in Outlook, as you start to type in the first few letters of the recipient's email address, you'll see that Outlook will have suggestions for you based on who you have emailed before. This is a great time saver, and over time your list will grow. An important thing to know, is that it's not actually your address book, it's a cached list of anyone you have emailed in the past.
The downside is that sometimes the list will contain an outdated or invalid address. If you ever email someone new and have a typo in the address, it will be saved and clutter your list for next time, which can cause you to make the same mistake over and over again.
To get rid of the bad address, scroll down the list, highlight it, and hit delete.
The file that stores all these addresses is called a "Nickname" file and has an extension of .nk2. If you get a new computer, and copy your mail and address book, your nickname file will initially be blank. Many users call us and report that their address book is missing. It's actually the .nk2 file, which can be migrated to the new system, but you may also choose to rebuild it fresh to decrease your "clutter".
Microsoft Outlook has a built in feature to process junk mail and send it to a "Junk" folder as a way to control Spam in your inbox. This is a great feature if you only read mail in one place, but for most users these days, mail is read on multiple platforms - smart phone, tablet, laptop, browser, etc. This is why we typically recommend filtering Spam in the "cloud" so the mail is filtered BEFORE it gets to your mailbox, and gets cleaned centrally before going to all your devices.
When spam is filtered in the cloud, it's important to turn off the Junk filter in Outlook so you don't wind up with two competing programs doing the work. We often get calls about missing emails that are sometimes found in a Junk folder, or have been processed by forgotten "rules" in Outlook. Some users are fine with checking in two locations for "false positives", but for most users, it just leads to confusion. Keep it simple!
To control your Junk settings in Outlook, in the "Home" tab, select "Junk", and then choose "Junk E-mail Options".
This will open the next window where you can control your settings.
When filtering is done in the cloud, we recommend turning off the local filter as shown.
You can see from all the options that this is a powerful tool, and if you have nothing else, and read mail only in one location, it's worth using. However, we do strongly advise filtering in the cloud and then turning off this setting for most users.
We've recently started upgrading our Spam filtering platform, so it's time to post some updated instructions. These days Spam messages account for 80%-90% of all email sent worldwide, generating a lot of clutter and in some cases, security threats. We strongly advise filtering mail before it gets to your mail server, and many of our clients have signed up for Spam filtering services with us.
The gist of this service is that all mail is filtered in the cloud before it gets to your mail server (either in the cloud or at your office). This way, the spam is kept off your network, and cleaned up in a central location before getting your PC, iPad, smart phone... all the devices you may use to read mail. Typically we set up the filter to send a summary report every day, typically scheduled for 8am (this can be scheduled for any time, and can be sent more than once a day).
You'll get an email summary in your inbox with a subject: "Messages quarantined since (previous day)". In some cases, you'll see a "false positive" which is a message that is flagged as spam, but actually something you want delivered. After a while, your filter will be "trained" to know what you want and what you don't want based on your preferences, but after an upgrade its important to check regularly at least at first.
When you open this message, you'll see a summary of the total number of messages quarantined and a list of all the messages including a "subject", the "Address" of where the email is coming from, a time stamp of when the message arrived, and some "Actions" you can take.
Scan through the list to see if there are an messages you want to have delivered. You have several allowed actions. "View" lets you look at the message in more detail without actually sending it to your mail server. This is a good option when you're not sure what the messages is. "Release Message" lets you release it to your inbox. Finally, "Allow from Sender" lets you release it to your mailbox and put the sender on your "safe list". This means that not only are you releasing the current message, but any future messages will automatically be allowed through. This helps "train" the software so you'll get fewer and fewer "false positives" over time.
At the top of the Quarantine Summary email is a link to "Enter your Quarantine". This is how you can get to your quarantine any time. For example, you may be expecting an important email that didn't arrive and you want to check your spam filter in real time to see if there's anything important there.
If you don't know your password, don't worry. Just go to the login page and select "Forgot Password" to reset it. Many people try their email password or Windows password and this is a separate password. After you log in, you'll be able to see your up to date quarantine (so you don't have to wait until the next day's summary), and you can also proactively add "safe senders". Under "User Options" you'll see "Allow List" and "Block List" where you can add addresses you want mail from or don't want mail from. Also, you'll see an option to set your password to something you can remember.
We strongly advise using only ONE spam filter. In Outlook, turn off your "Junk" filter as it is much more efficient to only check one location to manage spam. If you're not running Exchange mail, the Outlook "Junk" settings don't help for spam on your smart phone or tablet, so this is why we recommend filtering in the cloud before the messages get to your mail server. Getting your mail organized will save you time so take a few moments to acquaint yourselft to the settings.