I have written frequently about various scams and wrongdoing that have been perpetrated by “bad actors” around the world. Their attempts to profit by phishing for your personal information, obtaining your company’s data, or by wreaking havoc on your computers to collect a ransom have continued unabated. According to several threat analysis reports, these violations are escalating.

Accordingly, I have built what I consider to be an adequate security solution to offset, if not lessen, those threats. But as we all know, these unscrupulous offenders are relentless in their pursuit of illegal gains – because of the high payoff from their activities.

While reducing the number of attacks is one thing, I no longer believe that it is possible to eliminate them. I want to make sure that small business owners are aware of a variety of defenses that they can put in place to help prevent various attacks from ending badly for them and their business.

If you think back in historical terms, a castle had many defenses: the moat, the drawbridge, the battlements, the inner wall, and finally, the walls of the building itself. A business must have similar levels of security mechanisms in place to prevent cyber-attacks from causing devastation. Because without multiple layers of protection, the likelihood is, something malicious will get through, and whatever that something is, it will wreak havoc on you and your business.

In mid-June, I attended a webinar that featured one session that blew my simple analogy to shreds. Bruce McCully, president of Galactic Advisors, has come up with a more sophisticated method of determining risk, and thus, identifying areas of improvement for security measures for small businesses.

His approach comprises six layers of protection, which surround the assets of a company. He defines assets as any file system data, a Human Resources system, Payroll data, or database. Those six layers are:

  1. Human
  2. Perimeter
  3. Network
  4. Endpoint
  5. Application
  6. Data

The Human layer describes, as you would expect, the actions taken by the employees of a company. They are the first line of defense against any attacks on any small business, but they are also the weakest. This is why policies, procedures, and training are so important.

The Perimeter layer describes the rules required by the company’s firewall. A firewall is an appliance that reads the incoming and outgoing internet traffic and scans for anything unusual.

The Network layer is one that focuses on how an organization connects their computers and devices.

The Application layer involves the remote monitoring and maintenance software that IT technicians employ.

The Endpoint layer consists of the computers that run next-generation antivirus security.

Finally, the Data layer is the one that details the company’s back-up and restore policies. After all, if you are not backing up your important files – with the foresight of knowing how quickly you can restore them in the event of any attack – you are not protecting your assets.

All of this seems reasonably straight forward, and it is. Where it gets more complicated is when McCully says that it is not enough to have those layers and apply rules to them. No, he adds that it is essential to add gradations to those layers. He proposes four, although not all four apply to each segment. Those categories are:

  • Prevent
  • Guard
  • Detect
  • Mitigate

Yes, it would help if you prevented terrible things from happening. It takes a significant amount of discussion with a business owner to determine just how he or she would want to go about doing that. But it would be best if you also guard against inadvertent data loss that is not necessarily controlled by people. Next is the ability to detect intrusions of almost any kind, and define the alerting mechanisms to ensure they are acted upon promptly. Finally, you must develop Breach Response Procedures and possibly involve a third-party Security Operations Center to track the elusive path of the threat vector that attacked your company — and clean up afterward.

McCully then describes three levels of business needs for each of these components:

  • Basic needs
  • Security compliance requirements
  • Compliance-driven mandates

For each of these, he includes the following scale:

  • Non-essential, meaning it is not a core component of the company’s security program.
  • Recommended, because it is necessary to educate the company about the solutions, whereby they will invest in a more secure environment.
  • Mandatory, which he defines as “table stakes items;” these are items that, if not implemented, are considered negligent.

This vast matrix of layers, categories, and levels is truly wonderful, and incredibly thought-provoking material. I plan to spend several weeks working to formulate my responses for each aspect of this new roadmap. And the very first step in this arduous journey will be to apply all of these elements to my business, and to shore up my documentation and defenses. I am certain the result of those efforts will be various proposals for new and improved ways in which to safeguard your home computers, your “work at home” laptops, and all the small business networks that I serve.

Thanks, and safe computing!

But what happens when something that another IT provider, or vendor, does is so not aligned with “best practices” that it makes me shudder? What if their actions could cause a serious problem at the client’s (or prospect’s) site that might have otherwise been avoided? Couldn’t I then be forgiven if I mentioned that the other guy’s effort was misguided?

I guess it depends on the circumstances.

I encountered two instances of less than stellar computer infrastructure design in the early part of June, and my frustration was significantly higher than that expressed by the folks who were affected. Could I not be forgiven if I said, “Well, you know, those guys really messed up here, but I have a way to fix it.”

But I can’t explicitly say that because I don’t always know the kind of relationship the client (or prospect) has with that vendor or IT company. Instead, I’m usually turning things around by saying something like, “Well that’s not how I do things, because after 10 years in business, I’ve learned that this approach —whatever this is — works much better.”

Of course finding the appropriate solutions to a client’s – or a prospect’s – problems is the core of my business. The tag line for Heliotropic Systems has been “Computer Systems Analysis & Design” for more than 20 years. My goal is to design and deploy computer and network hardware and software with the understanding that it is supposed to operate properly, based on the client’s requirements. In my very parochial way of thinking, I guess that’s pretty much what anyone would want, never mind expect.

Read More →

Microsoft will be ending support for Windows 7 in January 2020, which means there will be no further updates. Shortly thereafter, I will stop support as well. While that date may seem far in the future, I can assure you that’s not the case! It is less than a year and a half away, and the majority of my clients will need new computers (along with associated hardware and software) between now and that deadline. I am affected by this as well; because I have to replace my desktop and laptop.

This early reminder is designed to let you begin planning a budget for a refresh. Based on the current political talk and potentially looming trade tariffs, it is possible that computers could cost more for consumers and businesses before next year. However, I have no idea when (or if) price increases will take place, nor by how much. You can use the following approximate numbers: $800 for a computer, $200 for a monitor, $150 for a printer, and $500 for me to do the necessary work (assessment, procurement, system set up, installation, and file transfer).

I have a chart with the warranty information for each of my clients’ computers. I will send you a letter 60 to 90 days in advance of its expiration to find out how you would like to proceed. Some of you may decide you want to move to an Apple Mac, others may opt for Ubuntu Linux, and still others Google Chromebook. We can discuss those options in the coming months.

Please note that recently purchased Windows 7 computers are eligible to upgrade to Windows 10 for free. I will contact Lenovo to obtain the software update for you. Other Windows 7 computers may not be eligible for free software, but could still run Windows 10 (an additional purchase). Again, I will discuss these options with you as well.

Look for more frequent reminders, along with Windows 10 usage tips, in future editions of this blog.

Cisco Systems earlier this week released a report from its Talos cyber intelligence unit. It contained a warning of 500,000 routers and storage devices in 54 countries that have been infected with malware. Their findings (https://blog.talosintelligence.com/2018/05/VPNFilter.html) pointed to the Russian government as having sponsored the hack, calling it “VPNFilter,” and that the software was simply waiting for activation. With a high preponderance of these devices in the Ukraine, it seems that an attack might be pending, or at least imminent.

I won’t bore you with the details (and they are voluminous), but the recommendations for how to thwart the hackers are quite interesting. End users are instructed to reboot their routers, modems, and network attached storage (NAS) devices to the factory default state and then to install the latest firmware. Internet Service Providers (ISPs) are instructed to reboot routers and cable modems for their customers and to ensure the devices are patched. Those two steps should, for all intents and purposes, knock out any of the malware that may have infected the devices.

Here’s my question: How many home users – or business owners – know how to perform those two steps? I do, because it is something I learned a long time ago as part of my job. But I can’t see asking any of my clients to do that. For one thing, the recommendations didn’t take into account the main task of saving existing settings – or at least writing them down – so they could be recreated after the device was flashed and rebooted.

In a “best case scenario” I can imagine someone was using a Linksys modem they purchased from a big box store and they didn’t configure anything; they simply followed the installation instructions. But in all likelihood, the SSID (i.e., the broadcast name) of their Wi-Fi is going to change. That means all of their wireless devices – computers, printers, tablets, and phones – will also need to be reset.

The report acknowledges that most of these devices are what we frequently call “set it and forget it,” meaning that they are expected to simply do their job once they’ve been installed. My concern about the recommendations centers on the fact that most individuals have no idea how to obtain the current firmware for these network attached devices. It isn’t very obvious from any of the manufacturers’ literature (and these include Linksys, TP-Link, and Netgear) that this is a task anyone should ever consider doing.

Granted a half-million devices is only a small drop in the bucket in terms of world-wide network device distribution. Yet it seems we have entered into a new “normal” for what people need to do – and learn – in order to better protect themselves from cyber security threats.

Thanks and safe computing!

I received a phone call from a major distributor earlier this week asking me if I knew about a new line of laptops issued by the electronics giant LG. I admitted that I was a Lenovo partner, and was partial to their offerings, but I was interested in seeing what the competition had available.

A short while later I received the email, the bulk of which is shown below.

 

At first I was intrigued, because it looked like it was going to be a light-weight model that could be useful for some road warriors. That is until I got to the last word of the text, and I stopped short. In my head I heard the cartoon sound of tires screeching to a stop.

I then re-read the title, “Professional Redefined.” At that point I was horrified because of the dissonance in the ad copy.

It starts with the word “professional” in the first line and ends with the words “Windows 10 Home” in the last.

If “professional redefined” means using consumer-based products in a business environment, I am absolutely and totally against it.

I am a managed services provider (MSP), and I sell IT support services to small businesses.

One of the main points I make as an MSP is that a business must use business-class (or even enterprise-class) products, because they are designed to be properly managed, provide greater security, and offer additional features used by businesses.

Windows 10 Home does not fit in those categories at all.

I cannot, in good conscience, even consider these devices for my clients.  But now I’m wondering how much grief this LG marketing campaign is going to cause other MSPs who will have to tell their clients, “No, I’m sorry, it looks nice and shiny, but it isn’t suitable for your office.”

And no offense to LG, but if you are going to redefine the word “professional,” I would hope – very sincerely – that you would aim for something higher up on the scale, instead of lower.

Thanks and safe computing!

Think back to the first time you ordered a book on Amazon.com. Wasn’t that a miraculous experience?

Just the thought of not having to sit in traffic to drive to the mall, and the ability to avoid the crowds while you sat at your desk and browsed through thousands of books without screaming kids or having someone looking over your shoulder as you decided between two authors. All of that was achieved with cloud technology. Of course, back then you used dial-up technology to connect to the internet. Things were slow, but you didn’t care – you thought that it was wonderful.

My, what a difference a decade has made!

The simple fact is, cloud computing is NOT a good fit for every company, and if you don’t get all the facts or fully understand the pros and cons, you can end up making some VERY poor and expensive decisions that you’ll deeply regret later.

First, you’ve got to review the standard features of any cloud-based software product. These include flexibility in terms of migrating your existing data to the software vendor’s product, thus obviating the need for hardware expenditures. You’ll be in a position to give your employees the ability to collaborate on the same information at the same time even if they are in diverse locations. And lastly, you will be able to scale up (or ramp down) the number of software licenses to match the speed of growth within your organization.

So if you are interested in using cloud technology for your business, you must start with your internet connection; in this case, the faster the better – as long as it fits within your budget. And, as a successful business owner, you know that something can go wrong at the most in opportune time and you know that you want to avoid that. Therefore, you should ask your IT professional about a cellular failover device to provide redundant back-up service for your internet service provider’s service.

When you work with any cloud software vendor you must understand that they will be keeping YOUR data on THEIR servers. You should find out from the software vendor how they will protect your data from any form of breach, and what actions they will take on your behalf if such an event occurs.

And, because your data is an integral part of your business, you have to ensure that it is backed-up as well as protected. By moving to the cloud you do not get to forego standard data-related housekeeping chores; you simply offload the responsibility to another party. But you should ascertain that they are going to be good stewards of your information by asking them how often data is backed up, and what their retention scheme is.

You will also want to review any and all mechanisms available to you if you decide to terminate your arrangement with the cloud provider. Reasons for this can be varied: They may be going out of business; you may feel you can no longer work within the constraints of the product because it has not evolved over time; or your organization has grown to the point that the product no longer suits your needs. At the very least, you don’t want your data to be held hostage. It is, after all your data. Know beforehand about the means to download it or how you could perform a data migration to another vendor.

All of this means that you should carefully review all of the terms and conditions associated with your account. If you are unsure of anything, or how you would be affected, print it out and have your lawyer review the document.

Because you’ve read this post, I’d like to offer you a FREE Cloud Readiness Assessment to show you there IS a better way to upgrade your computer network AND to demonstrate how a truly competent IT professional (not just a “computer guy”) can guide your company to greater profits and efficiencies, help you be more strategic, and give you the tools and systems to fuel growth.

To respond, please call our office at 866-912-8808 and ask for me, Larry. I personally want to take your call to answer any questions about this blog post, my company, and how we might be able to help you.

One day, you look in the Windows Task Scheduler and see the message:

The selected task “{0}” no longer exists.  To see the current tasks click Refresh

symNG2

Well after you click OK and then click Refresh, you are still missing that task.  And Windows is really great about not informing you of what that task is.

Other articles on the Internet suggest going through the actual Tasks folder to determine where the disconnect is.  I think I have an easier solution for anyone using a Symantec security product, particularly the Symantec Endpoint Protection Small Business Edition (also known as Symantec.cloud).

Open an elevated command prompt and issue the following commands:

cd \
cd program files\symantec.cloud\antivirus
avagent –SHOW_UI

The GUI will be displayed. (Norton Internet Security users simply open the product.)  Depending on your version, the screen’s appearance may differ from the one shown below (which is from NIS 21.5.0.19)

Click on Settings, and select the General tab.

symNG3

When you click the question mark to the right of the Idle Time Optimizer, you see the web page that explains that this “feature” automatically defragments the hard drive when the user is inactive for a period of time.

symNG4

I find this too pretentious for words.  If I have set a disk defragment schedule on my computer, or any of my clients’ computers, I fully expect those schedules will be maintained and adhered to.  I certainly don’t expect my security software to come along and interfere with them.  Even worse, is the error message that ends up being displayed as a result of Symantec’s change.

So, turn off the Idle Time Optimizer.  Click OK to apply.  Close the GUI, and the command prompt.

After you turn off this setting, click the Windows Start button, type “defrag” (without the quotes) in the Search bar to launch the Windows Defragmenter.  Change any one of your existing settings to force the entry back into the Task Scheduler.   You can reset the minor change immediately, and then close the Defragmenter.

Now, go back to the Task Schedule and see that there is no error message.

There you have it, an amazingly simple solution to a vexing (and stupidly annoying) error message.

I have been working with the Windows 10 Technical Preview for several weeks now. It is slowly starting to stabilize, and I am becoming slightly more proficient in working with and around it.

Just the same I have some concerns that lead to questions for which I have not found answers.

I am concerned about support for vendor-specific device drivers from the likes of Dell, HP, and Lenovo. In many cases these manufacturers did not provide new or updated drivers for Windows 8 / 8.1 for “recently released” Windows 7 computers.

What’s going to happen when someone thinks they can update to Windows 10 because Microsoft said it was possible – and they no longer have network access because there are no Windows 10 drivers for their network card? The only option at present is to roll back the upgrade and hope that the computer still operates properly.

I am also concerned about what is going to happen after the first “free” year of Windows 10 as a service. What is Microsoft going to charge consumers and small businesses to continue using the operating system on their computers, laptops, and tablets? Will there be a “buy one – get two free” offering? Will each device require a subscription? How much money does Microsoft think consumers will be willing to spend monthly or annually?

I am patiently waiting for some answers to come from Redmond…

SkyDrive is Microsoft’s cloud storage feature for sharing files among various Internet-connected devices.  You can upload files from your computer to the cloud and access them from your web browser, or your phone.  You can even share files with others.

Here’s how it works.  To get started, open your web browser and go to http://windows.microsoft.com/skydrive.  Click on the Get SkyDrive button.  A small file will download to your computer.  Double click it to launch it.  As part of the installation process, you will be asked for your Microsoft Account.

If you don’t have one, you can create one at that time (all it requires is an email address and a password).  You will have to verify your existing email address by waiting for an email from Microsoft.

The installation continues to run and creates a SkyDrive folder on your computer .

Click Next and then Done, and you can access your files from anywhere. Read More →

In October 2009, Microsoft made an unusual jump into the “free” software market.  It allowed original equipment manufacturers (OEMs) like Dell, HP, and Lenovo to install a replacement to the previously discontinued Microsoft Works suite.  The offering was called Microsoft Office 2010 Starter Edition.  This starter set of Office only included Word and Excel.  In fact, these versions were a subset of the base products, because they had reduced functionality.  In addition, they were sponsored with relatively unobtrusive Microsoft-sponsored ads.

Face it; if you only used those two Office products, and wanted to save more than $100, you used the “free” version of Office that came pre-installed on your computer.  Many of my clients did that – because the two products just worked and people  found they didn’t need the advanced functionality.  However, Microsoft believed that most consumers would eventually click on one of the ad links and purchase the fully functional version.

This experiment lasted less than three years.  In June 2012, Microsoft announced to the OEMs that they could no longer pre-install the Office 2010 Starter Edition.  With that announcement, the OEMs could offer either a 60-day trial or let you purchase the full product.  There was no “in between” version available.

So what should a consumer do?  Naturally, there are two options.  The first is based on the long-standing practice of purchasing software and installing it on your desktop.  The second is based on the new way things are heading.  In this case, you use a web browser and put your files in the cloud.  Let’s discuss each of these options.

The lowest priced version of Office 2010 costs around $120.  This is the Home and Student version.  All you need to purchase is the product key, which contains the 25-digit code to unlock the Office 2010 software that is already installed on your computer.  If you want, or need, to use Outlook for your email, you’ll have to spend about $70 more for the Home and Business version.

The second option requires a leap of faith and the desire (and ability) to learn new ways of doing things.  Here, you would to select to use the preview version of Microsoft Office Web Apps.  This is (for now) a free, online, edition of Word, Excel, PowerPoint and OneNote that relies on a scaled-back subset of the desktop versions’ features.  It requires using Microsoft’s SkyDrive (something you have to sign up for separately).

SkyDrive gives you 7 GB of storage in the cloud, and is accessible from a web browser.  This means you can access your files from any computer anywhere there is an Internet connection.  The Office Web Apps can work in conjunction with the desktop versions of Office, but do not require it.

Office Web Apps is still considered to be in “preview” mode.  This is the equivalent of “beta” software, so that means you cannot depend on it 100% of the time.  It also means that your support is solely through email or community forums.  However, because it runs in a browser, Microsoft can update the functions and features on a regular basis – without performing any updates on your computer – to make sure that these programs operate properly.

So, give Microsoft more than $100 for software so you can work on your desktop, or give Microsoft your files so that you can work on them in the cloud.  The decision is up to you, and in most cases will be based on what you want.  To get a glimpse of what the future holds, take a look at Working with Microsoft in the Cloud Using SkyDrive.”

If you have any questions about Microsoft Office, please let me know.