
Who’s stealing all the bandwidth?

Click…wait. Click…wait. Click…ARGH! Sounds like someone is running out of bandwidth.  

What is bandwidth?  

Bandwidth is a lot like plumbing. The bigger the pipes, the more water can flow through. Similarly, the more bandwidth you have, the more data you can send or receive at any given time. 

An internet connection with a larger bandwidth can move a set amount of data (say, a video file) much faster than an internet connection with a lower bandwidth. However, be aware that with greater bandwidth comes greater cost and responsibility.

Is someone or something taking your bandwidth? 

Our dedicated team of experts has put together a list to help you determine who or what is stealing all the bandwidth. Don’t fall victim to these bandwidth bandits!


Not so long ago, it would have been ridiculous to ask an employer to give you free TV, free movies, free music and a free TV camera and crew at your house in case you wanted to work from home and conduct a meeting with coworkers. Yet, with the internet, all of these things and more are at the fingertips of most office employees and their remote counterparts. Naturally, a growing number of employees will use some or all of these services for personal use while under your roof and on the clock wasting your valuable bandwidth.

Many employees use much more bandwidth than necessary to do their jobs. As a business owner, what can you do about it? First of all, you’ve got to let your employees know that bandwidth is more than a commodity. Just like electricity, water, and leasing building space, bandwidth is a necessary expense you need to keep your business running. But unlike all the other expenses, the amount of bandwidth you truly need varies based on the workload and what you allow. It can be overused by employees who stream videos, stream music or play video games between completing company tasks. So, what are the most abused “Bandwidth Bandits”? Let’s take a look.

VIDEO:

Does your company upload or store video content on a daily basis? Many companies do these days, especially for marketing and training purposes. In addition to these, what about the videos that are being watched in between company projects? Viewing TV shows or movies online uses about 1 GB of data per hour for standard definition video, and up to 3 GB per hour for HD video. Downloading and streaming consume about the same amount of data. Since just about everything online is HD quality, you can see that those streaming and storing video content are usually the guiltiest bandwidth abusers in your office.

WI-FI:

Everything that is available to your employees through their internet connection is available through Wi-Fi. The extra strains Wi-Fi puts on bandwidth are caused by the users who connect their phones to Wi-Fi so they can save on their personal data plan. At no extra cost to them, they can stream video and surf online on their phones. Some people even use their phones to play video games while on (or off) their lunch breaks. Just being connected puts a small drain on your Wi-Fi, but all the rest can slow your network down to a crawl.

THE CLOUD:

Using the Cloud adds a lot of flexibility to your business. The scalability allows you to tailor your bandwidth needs as your company’s needs grow or shrink, but the amount of bandwidth usage varies as more and more files and programs are shared through the Cloud. With subscription-based software programs becoming the norm, there’s data floating in and out of your employee’s workstations all day. If you use heavy-hitting data drainers like HD video files that are shared between two or more employees, your Cloud gets weighed down fairly quickly. If not monitored properly, excess data usage through the Cloud can clog your system like hair in a bathtub drain. 

VIDEO CONFERENCING:

Whether you’re working from home, meeting with clients, or even interviewing potential new employees, video conferencing is definitely a tool that makes good business sense. Many business trips have been replaced by video conferencing, and that’s good for your budget. But now you’re sending that information through your internet connection which needs to be factored into your bandwidth needs. The good news is that video conferencing costs a lot less than travel, so spending a little more on bandwidth is probably the most cost-effective way to meet with people one-on-one.

STREAMING MUSIC:

Many people enjoy listening to music while at work, and if the company allows it, then it’s no big deal. Right? Well, mostly right. Problems may arise when the streaming music is left running 24 hours a day or multiple people are competing, blasting their own tunes. The more people stream music, the more it will cause a drain on your bandwidth. Even though music streams at a low data rate, some services allow users to store their music files on the Cloud, and that causes a bump in the data flow. Accessing personal music files and streaming internet radio may not take up too much bandwidth, but the number of employees who are constantly listening to music adds up. If most of your employees listen to streaming music, then data usage should be monitored.

SOCIAL MEDIA:

Humans are social creatures and they search out ways to stay connected to people they are close to. Social media gives us many ways to stay in touch with others, but in the office, that comes at a price. When business owners calculate the bandwidth requirements for start-ups, they often don’t factor in their employees’ social media habits. Sure, most functions utilized through social media don’t use much data at all, but increasingly, video attachments are sent along with text messages. Even in a compressed state, video files are among the greediest bandwidth thieves.

As you can see, there are many ways your bandwidth is being used throughout the day and it can impact your business in a variety of ways. For example, just a few years ago, it was taboo for employees to spend time watching videos on YouTube or looking at pictures of their nephew’s graduation on Facebook during work hours. Today, it is generally accepted that employees will spend some time doing these things.

As a business owner, you can place limits or controls on these habits, but these actions may cost you in other ways. Employee morale is linked to online habits, and if employees can’t stay in touch with their friends on your time, they’ll probably take more breaks than they used to so they can wish Aunt Edna a happy birthday.

It’s a challenge to find a balance between the bandwidth your business needs and the bandwidth your employees need. As the one who writes the checks, it may not seem fair that you’re funding someone else’s online habits, but in today’s business arena, it’s the price of doing business. In the next blogs, we’ll show you how to rein in these data hogs all while maintaining positive company culture and avoiding

Cloud Etiquette 101

Horrible house guests — we’ve all had them. Whether it’s that annoying family member that overstays their welcome or that old college buddy that leaves beer cans and potato chip crumbs all over your couch, if you thought that was bad etiquette, you’ve yet to see the worst. 

 

Imagine coming into the office and finding that your current work has gone missing, your valuable data has been completely disorganized and all your important files have been put in the trash. What would you do? I’m not referring to your paper trail, I am talking about what most businesses today share – the cloud.  

 

Cloud computing, particularly file-sharing, has its own essential and unwritten code of ethics. No one appreciates an ill-mannered cloud partner. For those reasons, we have put together a few etiquette tips to help you not overstay your welcome when utilizing the cloud.  

   

Rule #1: Make Your Names Clear and Concise. Be as specific as possible when naming a file or a folder so that everyone sharing it has a good idea of the contents without having to dig into the file itself. When you’re creating sharable folders, name them for the project rather than the people involved, so your colleagues don’t end up with a bunch of folders in their repository all carrying their name. Consider creating a specific file-naming convention that your business uses and make sure every employee understands it to avoid any confusion. 

 

Rule #2: Ask Before You Delete! When deleting from the cloud, the files aren’t just deleted from your computer - they’re deleted from everyone’s computer sharing that file. Make sure to never delete files or folders without asking. Better yet, don’t delete anything that you didn’t create yourself. You may think that you’re clearing up some extra clutter, while in reality you’ve just killed the report your officemate has spent hours creating. If you do happen to delete something you shouldn’t, you typically have about 30 days (depending on software) to recover the file. After that, you’re on your own to deal with the missing data and any angry glances your coworkers shoot your way.

 

Rule #3: Size Matters. Be aware of the size of your files. Don’t add a massive 3 GB mega-file that’s going to take up all of that folder’s storage space. Bear in mind that just because you have unlimited storage does not mean everyone you’re working with does. Also, be sure to keep your data organized to avoid annoying others with unnecessary clutter. Do you have a habit of creating and sharing a bunch of notes that lead to a final project? Go ahead and delete those notes after the project’s completion, but only if you created them. See Rule #2. 

 

Rule #4: Create Clear Permission Protocols. Not everyone in your office should have access to every file. Make sure you have clear rules when it involves sharing. File-sharing willy-nilly is akin to a house guest just handing out all of your clothes to your neighbors with no documentation about who they went to and if they’ll ever be returned. When in doubt, don’t share unless you’re the owner of a folder or file.  

 

Rule #5: Maintain Accountability. Cloud computing works best when there is accountability. Sometimes there will be many individuals working out of the same project. It is important to keep track of who is working on which file and when, so you don’t end up with a bunch of overlapping edits or changes that you have to sort out later. Clarify who is responsible for final updates and ultimately responsible for the files themselves.

 

Working together is the only way we can make #thecloud a better place. Don’t be the person no one wants to share their cloud with. Simply follow these simple etiquette tips. 

Transitioning to the Cloud

Are you considering moving your company to the cloud? There are a lot of perks. First, it allows your company to scale up and down based on system needs more easily. When you host software onsite, you have to invest wholly in the server required, whether or not you’re utilizing that server fully. If the software is in the cloud, on the other hand, you only pay for what you use. Second, you have access anywhere you choose to be at any time, which opens up tremendous opportunities for remote work and greater efficiency.  

 

Finally, consider security. Data loss is not a matter of if — it’s a matter of when. And, unfortunately, it happens to companies of every size. More than half of businesses locate their disaster/backup systems in the same physical location as their primary system – red alert! If you only have one copy of your system’s backup at your office and your hardware fails or a breach occurs, then a backup is completely useless. In a bit of irony, it turns out that the safest place to be during a storm (whether literal or figurative) is “in the cloud.”  

   

So, let’s say you’ve finally agreed that it’s time to move to the cloud – where do you start? 

 

Here are some recommendations that can help you through the process:

 

  • First off, moving to the cloud doesn’t have to be an all-or-nothing process. Companies that weren’t “born in the cloud,” meaning any company more than a few years old, need a plan for transitioning to the cloud. Establish the plan, let your data trickle into the cloud and take your time. No need to jump in headfirst. It is perfectly fine to keep your business operating in a hybrid cloud environment (some items on site, some in the cloud) for as long as you need, perhaps indefinitely.  

 

  • Make sure you know your data. Truly understand what is going on before you begin to move your data and applications. Say you’re going to sell your house — you first need to clean and organize your belongings before putting them all away in storage. The same exact concept holds true when it comes to transitioning to the cloud: clean and organize before you store. You may find that while a software works in the cloud, it may experience extensive lag and downtime. Knowing this before you make a move will significantly reduce frustration.  

 

  • Know your options: Public cloud, private cloud or hybrid cloud? Refer to our previous blog (To Cloud, or Not to Cloud) to learn the difference between these types of clouds. How much storage, bandwidth and support do you want to pay for? Make sure you tailor your cloud service to best fit your company’s needs. What works for someone else might not work for you.  

 

  • Do your research. Here’s the reality: we have heard and experienced the effects of far too many subpar cloud solution horror stories. Companies that were put up on a half-built cloud solution eventually had to return to their on-premise solutions. Unreliable cloud partners also bring hidden costs, such as unexpected fees for overuse. Choose a reliable provider.

 

  • Define key roles. Who will have access? Who can add, delete or modify data? What responsibilities belong to whom, and how will this change with the cloud? It is crucial to know your staff’s access limitations.

 

  • Add encryption. Most cloud service providers offer encryption features such as server-side encryption to manage your encryption keys. Who controls and has access to these encryption keys? What data is being encrypted and when? Ultimately, you decide how safe your solution is.

 

While the road ahead may be tough, with these tips in mind, you can begin moving your business processes to the cloud safely and efficiently with the support of the right IT services team. 

To Cloud, or Not to Cloud

Everyone is talking about cloud computing these days and for good reason. The cloud is revolutionizing how computing power is generated and consumed. Cloud refers to software and services that run on the internet, instead of locally on your computer. When tech companies say your data is backed up “in the cloud,” it has nothing to do with those white fluffy things in the sky. Your data isn’t actually up in the cosmos or floating around in space. It has a terrestrial home. It’s stored someplace — lots of places, in fact — and a network of servers finds what you need when you need it and then delivers it.

Cloud computing, if done properly, can make your business much more efficient. However, a cloud solution is only as good as the quality of the research, the implementation and the follow-through. So, how do you know if moving your business applications and data to the cloud is the right answer for you? There are a few things you need to know about the cloud first.

What exactly is the cloud? This is a tricky question in and of itself. Just like the clouds in the sky, there are many clouds when it comes to technology. In the simplest terms, cloud computing means storing and accessing data and applications over the internet instead of your computer's hard drive. It is using a network of computers to store and process information rather than a single hard drive.

Public vs. Private vs. Hybrid? Not all clouds are the same. You have options with public clouds, private clouds and even hybrid clouds. Choosing the right options for your business comes down to the needs and the amount of control you would like to have.

  • Public clouds: owned and operated by a third-party cloud service provider that delivers its computing resources, such as servers and storage, directly through the internet. With a public cloud, the hardware and software are owned and managed by the cloud provider. You access these services and manage your account using a web browser.
  • Private clouds: unlike the public cloud, the private cloud is used by only one organization. A private cloud is one in which the services and infrastructure are maintained on a private network. Some companies also pay third-party service providers to host their private cloud.
  • Hybrid clouds: combine public and private clouds, which allows data and applications to be shared between them. Data and applications can move between public and private clouds as needed, offering better flexibility and more deployment options.

HaaS or SaaS? Just like there are different types of clouds, when it comes to cloud computing, there are also different types of cloud services. Most commonly used cloud services fall into two categories: HaaS and SaaS.

  • Hardware as a Service (HaaS) basically refers to leased computing power and equipment from a central provider. The HaaS model is very much like other hardware service-based models. Clients rent or lease rather than purchase a provider's hardware. 
  • Software as a Service (SaaS) utilizes the Internet to provide applications to its users, which are managed by a third-party. Unlike HaaS, this is a web-based model where software providers host and maintain the servers and databases eliminating hardware investment costs. 

Is it safe and reliable? As mentioned before, cloud computing is the way of the future. We know it is easy and inexpensive – but is it safe and reliable? What good is saving money and switching to a cloud solution if it will bring additional risks to my business? Most cloud service providers offer encryption features such as server-side encryption to manage your own encryption keys. So, in reality, you ultimately decide how safe your solution is. As far as reliability goes, in many cases, cloud computing can reduce the amount of downtime to seconds. Since there are multiple copies of your data stored all throughout the cloud, there is no single point of failure. Most data can usually be recovered with a simple click of the mouse.

In the end, though, companies shouldn’t make decisions entirely based on what they are comfortable with or what is cheapest. What should be most important is deciding whether or not transitioning into the cloud will work for your business.

To cloud or not to cloud? The choice is all yours. Do your research and ask the right questions.

Fixing Your Weakest Link: Your Employees

You can have every piece of security hardware in the books: firewall, backup disaster recovery device, and even anti-virus. However, your employees will still be the biggest vulnerability in your organization when it comes to phishing attacks. How do you mitigate as much risk as possible?

  1. Create and Strictly Enforce a Password Policy: Passwords should be complex, randomly generated, and replaced regularly. In order to test the strength of your password go to howsecureismypassword.com. (This is a perfectly safe service sponsored by a password protection platform that tells you how long it would take a hacker to decode your password.) When creating a password policy, bear in mind that the most prevalent attacks are Dictionary attacks. Most people utilize real words for their passwords. Hackers will typically try all words before trying a brute force attack. Instead of words, use a combination of letters, numbers, and symbols. The longer the password, the stronger it is. While it’s difficult to remember passwords across different platforms, try not to repeat passwords. This will protect all other accounts in the event of a breach on one of your accounts.
  2. Train and Test Your Employees Regularly: Educate your employees on how they can spot a phishing attack. Then, utilize penetration testing (a safe phishing attack orchestrated by your IT company) to see how employees respond and how well they do. If employees fall for phishing attempts, then send them through training again. We recommend doing this on a quarterly basis to ensure that your employees stay on their toes, and you should provide education on the latest attacks.
  3. Create a Bring Your Own Device Policy and Protect all Mobile Phones: You can safeguard as much as humanly possible on your network, but your employees are all walking in with cell phones. Are they allowed to get work emails on their phones? What about gaining access to the network remotely? Cell phones create a big black hole in security without proper mobile device management and mobile security.
  4. Perform Software Updates Regularly: Make sure that your software is up-to-date with all the latest security patches. Holding off on updates means that you’re leaving yourself open to vulnerabilities that have been discovered and addressed.
  5. Invest in Security: Security is not something for cost savings. Home-based hardware is not sufficient, and you need, at the very least, a quality firewall and backup device. Invest in your employees’ training, ongoing security updates, and maintaining a full crisis/breach plan.

There are two things that aren’t going away in any business: employees and security threats. Make sure that you’ve taken care of everything you can to avoid falling victim to these attacks.

How To Spot A Phishing Attack

Would you know if you were the subject of a phishing attack? Many people claim that they’d be able to tell right away if they received an email from an illegitimate source. If that were the case, there wouldn’t be 1.5 million new phishing websites every month. A 65% increase in attacks in one year! Hackers would have moved on to their next idea for swindling people out of their identities and money.  How do you spot a phishing attack and avoid falling victim yourself?

Look for these red flags:

Sender Email Address: Always check to make sure that the email address is legitimate. Amateur hackers will send things from Gmail or Hotmail accounts and hope you don’t notice. More sophisticated hackers will closely mimic an actual email domain, like amazonprime.com rather than amazon.com. Double check the email address before responding, clicking, or opening, even if the from name appears correct.

Discrepancies in Writing Format: If the attack is coming from overseas, you’re likely to notice some small issues in writing format, like writing a date as 4th April, 2019 rather than April 4, 2019. While this is subtle, it should be a red flag.

Grammar Issues: We all fall victim to the occasional typo, but if you receive an email riddled with grammar and spelling mistakes, consider the source. It’s likely from a hacker, especially if the email supposedly comes from a major organization.

Sender Name: This one is also difficult to track, but phishing emails will typically close with a very generic name to avoid raising suspicion. You should recognize the people that send you emails, or at the very least clearly understand their role at the organization.

Link Destination: Before you click on any link in an email be sure to hover over it. The destination URL should pop up. Check out the domain name of this URL. Similar to the sender email address, make sure that this address is legitimate before clicking.

Attachments: Is it realistic to expect an attachment from this sender? Rule of thumb, don’t open any attachment you don’t expect to receive, whether it’s a Zip file, PDF or otherwise. The payload for a ransomware attack often hides inside.

Email Design: A kooky font like Comic Sans should immediately raise red flags, especially if you don’t clearly recognize the sender.

Links to Verify Information: Never ever click on a link to verify information. Instead, if you think the information does need updating go directly to the website. Type in your email and password, and update your information from the Account tab. Always go directly to the source.

Odd Logo Use: Hackers try their best to mimic a website’s look and feel. Oftentimes, they get very close, but they won’t be perfect. If something feels off, it probably is.
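The sender-address and link-destination checks from the list above can be automated as a first-pass triage. This is an added example, not code from the original post; the trusted-domain list, the sample message and all function names are assumptions, and the two-label domain split ignores suffixes such as co.uk.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the domains your organisation really deals with.
TRUSTED = {"amazon.com", "google.com"}
FREE_MAIL = {"gmail.com", "hotmail.com"}


def registrable(host):
    """Last two labels of a host name (simplification, see lead-in)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def host_of(url):
    """Host part of a URL or bare domain; empty string if it cannot be parsed."""
    try:
        return urlparse(url if "://" in url else "//" + url).hostname or ""
    except ValueError:
        return ""


def brand_in(text, trusted):
    """Return the trusted domain whose brand label appears in text, else None."""
    lowered = text.lower()
    for domain in sorted(trusted):
        if domain.split(".")[0] in lowered:
            return domain
    return None


def check_sender(from_header, trusted=TRUSTED):
    """Red flag 'Sender Email Address': judge the address, not the from name."""
    name, addr = parseaddr(from_header)
    domain = registrable(addr.rpartition("@")[2])
    if domain in trusted:
        return []
    findings = []
    lookalike = brand_in(domain, trusted)
    if lookalike:
        findings.append(f"sender domain {domain} imitates {lookalike}")
    claimed = brand_in(name, trusted)
    if claimed and domain in FREE_MAIL:
        findings.append(f"display name claims {claimed} but mail comes from {domain}")
    return findings


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html, trusted=TRUSTED):
    """Red flag 'Link Destination': what hovering over the link would reveal."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target = registrable(host_of(href))
        if not target or target in trusted:
            continue
        lookalike = brand_in(target, trusted)
        if lookalike:
            findings.append(f"link goes to {target}, which imitates {lookalike}")
        # Only compare when the visible text itself looks like a URL or domain.
        shown = host_of(text) if len(text.split()) == 1 else ""
        if "." in shown and registrable(shown) != target:
            findings.append(f"link text shows {registrable(shown)} but goes to {target}")
    return findings


def review(raw, trusted=TRUSTED):
    """Run both checks over a raw RFC 5322 message and return all findings."""
    msg = message_from_string(raw)
    findings = check_sender(msg.get("From", ""), trusted)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            findings += check_links(body, trusted)
    return findings


# Constructed sample message, built from the look-alike domains named on this page.
SAMPLE = """\
From: "Amazon Support" <billing@amazonprime.com>
To: pat@example.com
Subject: Verify your account
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<p>Your account is on hold.
<a href="http://accounts-google.com/verify">https://accounts.google.com</a> or
<a href="https://www.amazon.com/orders">view your orders</a>.</p>
"""

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print("RED FLAG:", finding)
```

A substring match on the brand name will also flag unrelated domains that happen to contain it, so treat the findings as prompts for a human look rather than as a verdict.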

While there is no fool-proof method for avoiding falling victim to a phishing attack, knowing how to spot likely culprits is one step in the right direction. We’ll cover other protective measures to reduce your risk of falling victim to phishing attacks in our next blog.

While the number of people falling for sending personal information to the crown prince of Nigeria in hopes of receiving his promised wealth and riches seems to be dropping, phishing remains a major issue. In fact, the number of phishing campaigns pursued by hackers around the world increased 65% in the last year.

What exactly is phishing? Hackers mimic the emails, forms, and websites of legitimate companies in an effort to lure people into providing their private, personal information, like credit card numbers, social security information, account logins, and personal identifiers. The victim typically doesn’t realize they’ve been compromised until long after the event, and oftentimes only after their identity or finances are affected. In the past, an attack was carried out relatively quickly. As soon as the victim gave up their information, the hacker moved in and stole money from the compromised account. Today, it’s often more lucrative for hackers to sell that information on the Dark Web, resulting in longer-lasting and even more devastating attacks.

3 Types Of Phishing Attacks

Spear Phishing

Phishing attempts directed at specific individuals or companies have been termed spear phishing. Attackers may gather personal information about their target to increase their probability of success. This technique is by far the most successful on the Internet today, accounting for 91% of attacks.

Threat Group-4127 used spear phishing tactics to target email accounts linked to Hillary Clinton’s 2016 presidential campaign. They attacked more than 1,800 Google accounts and used the accounts-google.com domain to threaten targeted users.

Clone Phishing

Clone phishing is a type of phishing attack whereby a legitimate and previously delivered email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear as though it came from the original sender. It may claim to be a resend of the original or an updated version of the original. This technique could be used to pivot (indirectly) from a previously infected machine and gain a foothold on another machine, by exploiting the social trust associated with the inferred connection due to both parties receiving the original email.

Whaling

Several phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses. The term whaling has been coined for these kinds of attacks. In the case of whaling, the masquerading web page/email will take a more serious executive-level form. The content will be crafted to target an upper manager and the person’s role in the company. The content of a whaling attack email is often written as a legal subpoena, customer complaint, or executive issue. Whaling scam emails are designed to masquerade as a critical business email, sent from a legitimate business authority. The content is meant to be tailored for upper management, and usually involves some kind of falsified company-wide concern. Whaling phishers have also forged official-looking FBI subpoena emails and claimed that the manager needs to click a link and install special software to view the subpoena.

Have you ever gotten an email from your bank or medical office asking you to update your information online or confirm your username and password? Maybe a suspicious email from your boss asking you to execute a wire transfer. That is most likely a spear phishing attempt, and you’re among the 76% of businesses that were victims of a phishing attack in the last year.

Method of Delivery

Phishing scams are not always received through email, and hackers are getting trickier and trickier with their preferred method of execution. In 2017, officials caught onto attacks using SMS texting (smishing), voice phishing (vishing) or social engineering, a method in which users can be encouraged to click on various kinds of unexpected content for a variety of technical and social reasons.

Ransomware: The Consequence

Phishing is the most widely used method for spreading ransomware, and has increased significantly since the birth of major ransomware viruses like Petya and WannaCry. Anyone can become a victim of phishing or, in turn, ransomware attacks. However, hackers have begun targeting organizations that are more likely to pay the ransoms. Small businesses, education, government, and healthcare often don’t have valid data backups. Therefore, they are unable to roll back to a pre-ransomed version of their data. Instead, they have to pay their way out or cease to exist. Outside of ransom costs, victims of phishing campaigns are often branded as untrustworthy and many of their customers turn to their competitors, resulting in even greater financial loss.

Why are effective phishing campaigns so rampant despite public awareness from media coverage?

Volume: There are nearly 5 million new phishing sites created every month, according to Webroot Threat Report. There are now even Phishing as a Service companies, offering phishing attacks in exchange for payment. One Russian website, “Fake Game,” claims over 61,000 subscribers and 680,000 credentials stolen.

They work: Over 30% of phishing messages get opened, and 12% of targets click on the embedded attachments or links, according to the Verizon Data Breach Investigations Report. In short, these hackers have gotten really good at looking really legitimate. 

They’re simple to execute: New phishing campaigns and sites can be built by sophisticated hackers in a matter of minutes. While we think there are far more legitimate ways to be earning money, these individuals have made a living out of duplicating their successful campaigns.

Now that you have an understanding of what phishing is, our next two blogs will teach you How to Spot a Phishing Attack, and Fixing Your Weakest Link: Your Employees.

You’re prepared, at least mentally, to begin your migration to Windows 10 because you’ve read What Does Windows End of Life Mean to My Business? and Getting Ahead of Windows End of Life. Is your hardware ready, though? How you handle your IT (on your own, as needed support, or with a fully managed agreement) will change how you will have to deal with your transition.  The following items should help you decide how to prepare your hardware for the Windows 10 migration.

Do It Yourself

If you own all of your own equipment and deal with IT issues in house, then you will want to get started on migrating your devices now. The good news is that Windows 10 is highly compatible with just about every PC out there. If you run into trouble, it’s likely a vendor incompatibility issue rather than a problem with Microsoft itself, so you’ll want to contact the vendor directly. When you have that handled, upgrading from 7 to 10 is as simple as running the ISO file from Microsoft.com, from a USB, or DVD. The bad news is that it will take significant time migrating every PC in your business. You’ll also need to deal with a backlog of Microsoft customer service support if you happen to run into any issues. Remember that almost 70% of the world’s computers are still running Windows 7. It’s almost guaranteed that others will run into issues and need support, as well.

MSP

If you are with a managed service provider, you should be just fine. In fact, you likely already have a plan in place from your most recent business review. Over the course of the next few months, your IT company will ensure software compatibility with all of your line of business applications, contact any necessary vendors, and schedule a time with you to come out and run the update once they’re sure everything will go smoothly. Now would also be a good time to consider any hardware upgrades that you’ve been needing. All new PCs will automatically come with Windows 10, alleviating any upgrade issues now or in the next three years or so. The best part of it: you have to do nothing. No downtime for your business, no extra IT work for you, and no worries.

If you’re on a full managed services agreement, the upgrade is more than likely covered and any hardware needs will be handled on a new monthly payment plan (HaaS agreement). If you’re on a partial agreement or break/fix model, you’ll likely be billed for the time required to complete the upgrade. Either way, your IT company will have you completely in hand. Just remember that your service provider will soon be booked solid assisting other clients with this transition. It’s important to schedule now so you’re not left waiting. 

Time to Get a Contract?

If you’re reading this blog as someone who had planned to do this upgrade on your own but have now decided that you don’t have the time or desire to do so, it’s time to contact Prestige Computer Solutions. We’ll make sure that you’re taken care of through Windows 7 end of life and well beyond.

Getting Ahead of Windows End of Life

With Windows 7 end of life quickly approaching, it’s time to start thinking about what needs to be done to prepare. Technically, regular Windows 7 support has been dead since 2015. However, the extended support period ends in January 2020, which means no more updates or security patches. What should you be aware of for EOL? Get ready, you may have some work to do.

Many are concerned that their PCs will stop working. That is not the case. Your Windows software will work, but its security will depreciate rather quickly, which could put your PC in danger of cyber-attacks and viruses. Back in 2014, Microsoft ended support for Windows XP. It affected 40% of computers worldwide. Now, years later, it is estimated that about 7% of computers are still using Windows XP. These computers are the ones hackers like to target because of the security holes caused by lack of regular patching. 

Currently, about 70% of businesses worldwide use Windows 7, so it's highly likely that you need to take action before Windows 7 retires. The more systems you have on Windows 7, the sooner you need to prepare. Here’s a quick action plan:

  • Determine how many systems need an upgrade. Simply take a count of all the systems running Windows 7 or, if you still have some, Windows XP. If systems are on Windows 7, and the hardware is up to par, you likely will be able to do a simple license upgrade.  
  • Assess your hardware. Windows 10 will not work on all hardware systems. You may need an upgrade. Contact your IT provider to help you determine if your hardware has the right specs. The easiest way to tell? If your hardware came out in the last three years or so, you’re probably in the clear. We recommend upgrading your hardware about every three to four years to avoid any compatibility issues.
  • Create a timeline and budget. You don’t have to make all these changes all at once. You could plan them out up to and including January 2020, but we recommend getting started sooner rather than later. Again, your IT provider will be able to help determine your best path forward.
  • Create contingency plans. Unfortunately, not all line of business applications will immediately jump to operation on Windows 10, particularly if you’re utilizing an older version of the software, or if your software provider has gone out of business or moved to their own end of life cycle. Sometimes this is inevitable, but you need to be able to quarantine these vulnerable systems from the rest of your network as much as possible or take the time to plan your upgrade now. A quality IT company will be able to help you make the decision, as well as set up a test environment so that you know your contingency plans are working long before you need them.
  • Training Your Staff. While the transition from Windows 7 to Windows 10 is not the monumental shift past software updates have been, the new system does take a bit of getting used to. Plan time to work with your staff one-on-one or in a group so that you don’t end up with them wasting time tinkering or trying to figure out why their favorite button isn’t where it used to be. Your IT provider should be able to provide this user-based training for Windows 10, as well as the majority of software you utilize on a daily basis.

Keep in mind that Windows 10 end of life takes place in January of 2025; so, while planning, ensure your devices can make the switch again in a few years, or that you’re budgeting for another upgrade. Also, document your processes during the shift. This could make life so much easier down the road. Most of all though, act. You don’t want to be stuck without security patches or an up-to-date operating system. It's like hackers can smell your outdated system and will gladly break in. Protect yourself and your business and begin planning sooner rather than later.

You’ve all heard the panic. Windows is cutting off support for its widely popular version 7 software. January 14, 2020 will officially mark Windows 7 End of Life. Many companies have used Windows 7 since its onset in 2009 and are still actively using it today. That means you will need to migrate every single device. It’s possible you’ll need to upgrade your hardware as well. So, what’s the big deal? Can you just stick with Windows 7 or will your computer self-destruct?

The good news is that your computers will work just fine after the End of Life date. However, just because your computer will function doesn’t mean it’s wise to hold onto outdated software. The largest concern for Windows 7 users is security. Since updates and support will no longer be available, your device will be extremely vulnerable to cyber threats. In fact, this is a bit of a hacker’s dream. They are standing by, knowing people will neglect to update their operating system.

Windows 7 is actually already in its ‘extended support’ phase and has been since 2015! Microsoft ended mainstream support including new features and warranty claims. Yet, throughout this time Windows has kept virus patches and security bug fixes up to date. With End of Life, that will go away. IT and security experts alike strongly suggest migrating your operating system to something current before the Windows EOL date. Theoretically, you could pay for Windows 7 extended support on each individual device, but the costs will build up faster than simply migrating. Not only that, but specific security and bug fixes will also be more expensive and charged on an individual basis.

Currently, there are a few options to choose from when it comes to Windows 7 EOL. Don’t be cheap and go to Windows 8. Though it is a newer version, it’ll only be a matter of time before you need to migrate all over again. You could transition to Windows 10 (recommended). If you are worried about cost efficiency, you could try a free operating system like Linux. It will take some research to find the specific Linux platform that’s best for you, but it may be worth it if you’re someone who likes to tinker. Then, of course, you could swap to a Mac altogether. Just keep in mind that Apple’s products are pretty expensive and you may need to re-purchase certain business applications.

It’s important to begin working with your IT company on this migration as soon as possible. They’ll take a look at the devices you are using, determine how many are utilizing Windows 7, and ensure your hardware isn’t out of date. Not all computers will be able to handle a new operating system, which could make a migration longer, more difficult, and costlier as you upgrade hardware. Your IT company will provide a recommended path for an upgrade with a clear budget and timeline for completion.

Overall, take some time to plan your transition. Talk to us if you need additional help or options. Most of all though, get moving now. EOL will be here in no time.

Why are you so popular?

You’ve heard about many of the scams that exist on the internet now. It’s tough to simply look at your emails without noticing several phishing emails sitting in your inbox. Lately, the largest influx of social engineering scams has come from social media.  As of right now, worldwide social media users total 2.34 billion according to Statista. That is a lot of people to target, and hackers are taking advantage. How? Fake accounts. Forbes estimates that there are over a half billion fake social media profiles in circulation today. There are four main ways these cyber-criminals are utilizing social engineering via social media.

Swaying Public Opinion

The most recent large-scale example of utilizing fake accounts to sway public opinion was meddling in the 2016 election. When investigating, Facebook not only found millions of fake Facebook accounts, but they also found that there were Facebook ads created to sway American voters. The ads and posts came from profiles that looked legitimate, but in all reality were conjured up simply to create influence with minimal effort. In addition to their obvious desire to affect election results, if people clicked on the ads, their computers were often infected with malware that would give away valuable personal info.

Fake Advertising

Have you seen the pages that say a celebrity talk show host is giving away XYZ prize or a big-name brand is handing out free gift bags if you share and like the page? All scams. The perpetrators hide behind names that look similar to the authentic celebrity or brand and rely on unwitting people to click, share, and like. These hackers then follow up by selling your information to third parties or targeting you with malware advertising to get you to keep coming back.

This technique goes all the way back to 2011 after Steve Jobs passed away. A fake FB ad claimed that Apple was giving away iPads in honor of his passing. Well, that ad went viral and thousands of people clicked on the link, which in turn infected their computers and devices.

Minimally Invested Profiles

Social engineering has gotten more complicated with minimally invested profiles (MIPs) and fully invested profiles (FIPs), found mostly on Facebook and LinkedIn. MIPs are created in bulk, and they usually have very little original content on them, as well as a sexy or provocative profile photo. These hackers go around making friend requests willy-nilly in hopes that their picture will intrigue people to add them. They'll eventually send you malware via FB Messenger or put rogue posts on your Facebook wall.

Fully Invested Profiles

The FIPs that get created take a little more time and effort. However, they are more efficient because they really look the part. To an untrained eye, a profile like this could pass as an acquaintance. The best way to crack this mystery profile is by looking at their friends, seeing if you already have a friend by that name, as well as scouring the content of their posts. If this raises even one red flag, it's likely a fake profile. People using this technique target you on Messenger with infected content, usually videos that lure you in because you “know” the sender.

These are just a few of the main ways that social engineers are using social media to target people. While snooping on your co-workers, checking to see what crazy Uncle Larry just posted, or simply browsing through memes, always be diligent and aware of your internet surroundings. In addition, make sure your firewall and antivirus are up to par! Don’t let a social engineer manipulate you into surrendering your information.

Even though ransomware attacks decreased in 2018, they remain a major threat in the cybersecurity landscape. So much so, that ransomware was recently featured on 60 Minutes. The story primarily covers three major instances of ransomware, two that affected municipalities, and a third that targeted a hospital.

All three were attacked in a way that encrypted every single one of their files and also encrypted some of the files within their backups, sending the organizations back to operating on pen and paper. Two, despite FBI recommendations, ended up paying the ransom to restore their data quickly, while the third decided not to pay the ransom and went about remediation on their own. 

The hospital was hit with a $55,000 bill, while one municipality (Leeds, AL) was able to negotiate payment down to $8,000. These ransom sums may not appear astronomically high, but that’s exactly how the hackers keep going. If they requested millions in ransom, no one would pay. An amount in the solid five-figures, though, feels doable for most organizations to get their precious data restored. The third entity (Atlanta, GA) suffered millions of dollars in losses and time in efforts to recover. Some of their data could never be recovered.

The story presented a very clear picture of the dangers surrounding ransomware; however, there were two major issues in the story. First, the entities covered were obviously major entities implying that you needed to be in the public eye to be affected. This is certainly not the case. In fact, nearly 50% of small business owners say their business was affected by a cybersecurity attack in the last year. Ransomware is not just for highly public entities. 

Perhaps more importantly, the story painted paying the ransom as the cheaper and often faster way to go. On very rare occasions, paying the ransom is the only option; but if you’re stuck in a ransomware trap, we do not recommend jumping straight into paying the ransom. Here’s why:

  1. Sure, after you pay the sum (typically in bitcoin), the vast majority of hackers suddenly become ethical and return your files. Let’s look at the reality, though. You’re relying on someone who just took your data hostage for an exorbitant fee to return that data to working order simply because you held up your end of the unwanted bargain. Sounds a lot like using hope as a data recovery strategy to us. At any point the hacker could respond, “Thanks, but no thanks!” or “Well, we thought this would be a sufficient amount; but we ran into snags with your recovery. We’ll actually need x number to finish the job.” 
  2. Prevention is a better strategy. If your back-up is set up correctly with an on-premises and multi-tenant off-site solution, you should be able to roll back to data that existed before the ransomware attack. Granted, you may lose some data in the process if the encryption gets into the backup like it did in the attacks covered in the 60 Minutes story. Losing some data is a lot better than putting yourselves up the creek financially by paying a major ransom. In addition to proper backup, ensure that you’re effectively training employees and stringently monitoring data coming in and out of your network. 
  3. Isolation is possible. In short, don’t store all of your valuable data in one place. If, on the off-chance, ransomware breaches your network, you don’t want to give it an open door to encrypt absolutely everything of value. Keep all critical applications on isolated networks to maintain global network safety. 

Ransomware attacks may be on the decline. However, that just invites the hackers to come up with a more creative way to scam you out of time and money. Perhaps phone ransoms are coming next. Regardless of what the hackers create, make sure you’re prepared and don’t have to rely on paying a hefty ransom to keep your business in operation. 

Cybercriminals are no longer some kid in a basement working on a computer. They are highly educated “professionals” with degrees in not only IT but psychology and other areas of human behavior. They use this knowledge to put together clever social engineering campaigns to trick you into giving them the information they are looking for. Below are some of the methods they use to achieve this end.

Email.
Although we are swamped with spam on a daily basis and we use spam filters and anti-spam solutions, there is only so much those systems can do to tell the real email from the bad email. The rest is on you. If you are like me, you spend a few seconds on a new email to determine if it is something you need to read or delete. These cybercriminals are so good at what they do that their emails often get chosen to be read over the legitimate ones. We all know about the Nigerian prince who needs your help to get his money out of the country; all he needs is a few thousand deposited in an account to secure the deal. But most of the newer ones will attempt to trick you into believing the email comes from Netflix, your bank, Amazon, etc. These are just some of the ways social engineers prey on unsuspecting and trusting people. If sending money or willingly giving up information isn’t involved, then there is usually malware within the email. The links that can be clicked on will deploy malware to infect your computer files and obtain information about you, or encrypt all your files and hold them hostage for a ransom. It’s amazing how prevalent these scams are. But if you’re educated on them, you won’t become a victim.


Posing as someone you know.
This can take several different forms; however, the most obvious is copycat Facebook profiles. This is another prominent scam that cybercriminals use to trick people into thinking they are receiving a friend request from someone they know. The profile will often contain a few photos from the original person’s profile so it looks a tad more real. As unsuspecting friends add this profile, it begins to look more legitimate because of similar friends and associates. This profile can ask for money or send links containing malware to infect your computer, or even corrupt your Facebook profile, gaining access to personal information. Another way cybercriminals can gain access to your information is by posing as someone within your company. They can send an email that looks like it’s from your boss when really it’s fake. Usually, something about the email address will be a bit off, if you’re paying attention. Letters are swapped around or a .net becomes a .com at the end of the email. As soon as you open it or click on a link, there goes malware infecting your computer. This scam is usually highly effective because it gets sent to everyone in the company, and people often take it as real from the boss.

Targeting people through advertisements.
Considering ads are pretty much everywhere online now, creating ransomware ads is incredibly easy, and they are a bit difficult to spot among the hundreds people see every day. For this type of social engineering, cybercriminals literally deploy ad campaigns showcasing a product or a service. When you click on the ad, it downloads malware or ransomware onto your computer. Most of the time these ads are for anti-virus software, or a pop-up will come up on your computer saying your computer has been infected and to click the link to clean the virus. Tricky, tricky cybercriminals.

Six Tricks to Better Digital Etiquette

It’s probably safe to assume that in one day you send more emails than you speak words. If you have a regular office job, you probably use email all day, every day. Sad, but true.

But because of this, it’s important to know the dos and don’ts of proper email etiquette. You don’t want to be giving off the wrong impression, do you?

Can I send an emoticon?
This is a bizarre one. In the past, absolutely no way. Now, however, things are a little different. Emoticons add a personal touch to emails and they can also help in your efforts to be humorous. If used correctly, an emoticon can make a detached email seem friendly or help soften an otherwise harsh body of text.

Is it funny or is it just awkward?
Writing is a funny thing because one sentence can be read a million different ways. One person may interpret something completely differently than you did based on how they read it, their education level, their personal experiences and the way the wind blew ever so gently that day.

This means you should always be careful when you use humor, especially in a professional context. What you find hilarious may come off as rude and belittling to someone else.

Stay away from Caps Lock.
When you capitalize complete words or sentences, people tend to feel threatened. They automatically think, “Is he/she angry with me?” Or they think you’re too incompetent to use a computer properly. Do you not know where the caps lock button is? Either way the cookie crumbles, it’s not good.

Use spell check.
The lines are so blurred nowadays that you finish emails through text messages and end a phone call when you physically walk up to the person you’re speaking to—however, this doesn’t give you the right to use bad grammar and spell words incorrectly.
Spellcheck your email and always make sure you use complete words. In emails, do not use: cuz, k, y? or ya. Save that for your texts, and even then, only with close friends and family. Your boss or manager likely won’t be impressed with poor English skills.

Is that a novel or an email?
Let’s face it. We don’t like big globs of text (take note of what you’re reading right now). It’s intimidating. If we receive an email with a massive amount of text, we glance through it (missing important information) or save it for later (and never come back to it).

When you write an email, keep it short. Break up your information and highlight key information (bold your font or use the highlighter function). If you can’t get your point across

Can you spot the Phish?

The most damaging thing that can happen to your business is ransomware. The number one way it gets into your business is through an email attachment. These emails are called phishing emails. Would you know if you were the subject of a phishing attack? 80% of employees will open a phishing email. These crooked companies are very sophisticated and employ social engineers to figure out how to get you to believe the phishing emails they send are legit. There are over 1.5 million new phishing sites every month, and attacks increased by over 70% in 2018 over 2017.
Hackers would not be doing this if it was not so successful.

So how do you spot a phishing attack?

  1. Sender Email Address: Always check to make sure that the email address is legitimate. Amateur hackers will send things from Gmail or Hotmail accounts and hope you don’t notice. More sophisticated hackers will closely mimic an actual email domain, like amazon-online.com rather than amazon.com. Double check the email address before responding, clicking, or opening, even if the from name appears correct.
  2. Discrepancies in Writing Format: If the attack is coming from overseas, you’re likely to notice some small issues in writing format, like writing a date as 4th April, 2018 rather than April 4, 2018. While this is subtle, it should be a red flag.
  3. Grammar Issues: We all fall victim to the occasional typo, but if you receive an email riddled with grammar and spelling mistakes, consider the source. It’s likely a hacker, especially if the email supposedly comes from a major organization.
  4. Sender Name: This one is also difficult to track, but phishing emails will typically close with a very generic name to avoid raising suspicion. You should recognize the people that send you emails, or at the very least, clearly understand their role at the organization.
  5. Link Destination: Before you click on any link in an email, hover over it. The destination URL should pop up. Check out the domain name of this URL. Similar to the sender email address, make sure that this address is legitimate before clicking.
  6. Attachments: Is it realistic to expect an attachment from this sender? Rule of thumb, don’t open any attachment you don’t expect to receive, whether it’s a Zip file, PDF or otherwise. The payload for a ransomware attack often hides inside.
  7. Email Design: A strange font like Comic Sans should immediately raise red flags if you don’t clearly recognize the sender.
  8. Links to Verify Information: Never, ever click on a link to verify information. Instead, if you think the information does need updating, go directly to the website. Type in your email and password, and update your information from the Account tab. Always go directly to the source.
  9. Odd Logo Use: Hackers try their best to mimic the site’s look and feel. Oftentimes, they get very close; but they won’t be perfect. If something feels off, it probably is.
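
As an added example (not code from this article), the Python sketch below automates checklist items 1 and 5, along with the swapped-letter and .net/.com sender tricks described earlier, and runs them over constructed sample messages. The trusted-domain list, the free-mail list, the function names and the two-label domain rule are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions for this example: domains you really deal with, and free-mail hosts.
TRUSTED = {"amazon.com", "example.com"}
FREEMAIL = {"gmail.com", "hotmail.com"}


def base_domain(host):
    """Last two labels of a host name (simplification: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    """Edit distance in which swapping two adjacent letters counts as one change."""
    d = [[i + j if i == 0 or j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None if it looks fine."""
    domain = base_domain(domain)
    if domain in TRUSTED:
        return None
    name, _, tld = domain.rpartition(".")
    for good in sorted(TRUSTED):
        good_name, _, good_tld = good.rpartition(".")
        # Same name with another ending (.net for .com), or brand plus an extra word.
        if name == good_name or good_name in re.split(r"[-_]", name):
            return good
        # Same ending, name off by one or two letters (swapped or mistyped).
        if tld == good_tld and edit_distance(name, good_name) <= 2:
            return good
    return None


class LinkParser(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_message(raw):
    """Findings for the sender address (item 1) and link destinations (item 5)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg["From"] or "")
    sender = base_domain(addr.rpartition("@")[2])
    findings = []
    fake = lookalike_of(sender)
    if fake:
        findings.append(f"sender domain {sender} imitates {fake}")
    if sender in FREEMAIL and any(g.split(".")[0] in display.lower() for g in TRUSTED):
        findings.append(f"display name '{display}' sent from free mail {sender}")
    # Simplification: bodies are read as-is (no base64/quoted-printable decoding).
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    parser = LinkParser()
    parser.feed(body)
    for href, text in parser.links:
        host = base_domain(urlsplit(href).hostname or "")
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and base_domain(shown.group(0)) != host:
            findings.append(f"link text shows {shown.group(0)} but goes to {host}")
        elif lookalike_of(host):
            findings.append(f"link goes to {host}, imitating {lookalike_of(host)}")
    return findings


# Constructed sample messages (not real mail).
PHISH = ('From: "Amazon Support" <orders@amazon-online.com>\nContent-Type: text/html\n\n'
         '<p><a href="http://login.amazon-online.com/verify">www.amazon.com</a></p>')
BOSS = 'From: "The Boss" <ceo@exmaple.com>\nContent-Type: text/html\n\n<p>Open the invoice.</p>'
LEGIT = ('From: "Amazon" <orders@amazon.com>\nContent-Type: text/html\n\n'
         '<p><a href="https://www.amazon.com/orders">Your orders</a></p>')

if __name__ == "__main__":
    for label, raw in (("PHISH", PHISH), ("BOSS", BOSS), ("LEGIT", LEGIT)):
        print(label, check_message(raw))
```

A check like this only covers the mechanical items on the list; the remaining items (unexpected attachments, odd design, generic sign-offs) still need a person's judgment.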

While there is no fool-proof method for avoiding falling victim to a phishing attack, knowing how to spot likely culprits is one step in the right direction. 

Contact us if you have any questions or need help with your cybersecurity. We provide ongoing training for your employees. Please see our next lunch and learn event here; you can RSVP now.

You may not realize it, but HIPAA law requires more than just medical facilities to adhere to the HIPAA regulations.

The following are the types of companies that are required by law to perform HIPAA audits.

  • Hospitals
  • Urgent Care Clinics
  • Dental Offices
  • Nursing Homes
  • Behavioral Health Facilities
  • Diagnostic Labs
  • Correctional Facilities
  • Pharmacies

However, in addition to the above, there are many other businesses that are exposed:

  • IT Service Providers
  • Shredding Companies
  • Document Storage Companies
  • Attorneys, Accountants
  • Collection Agencies
  • EMR companies
  • Data Centers
  • Online Backup companies
  • Cloud vendors
  • Insurance Agents
  • Revenue Cycle Management vendors
  • Contract Transcriptionists

The following are the reports we provide:

HIPAA Policies & Procedures. The Policy and Procedures are the best practices that we have formulated to comply with the technical requirements of the HIPAA Security Rule. The policies spell out what your organization will do while the procedures detail how you will do it. In the event of an audit, the first thing an auditor will inspect are the Policies and Procedures documentation. This is more than a suggested way of doing business. The Policies and Procedures have been carefully thought out and vetted, referencing specific code sections in the Security Rule and supported by the other reports we provide.

HIPAA Risk Analysis. HIPAA is a risk-based security framework, and the production of a Risk Analysis is one of the primary requirements of the HIPAA Security Rule's Administrative Safeguards. In fact, a Risk Analysis is the foundation for the entire security program. It identifies the locations of electronic Protected Health Information (ePHI), vulnerabilities to the security of the data, and threats that might act on the vulnerabilities, and it estimates both the likelihood and the impact of a threat acting on a vulnerability. The Risk Analysis helps HIPAA Covered Entities and Business Associates identify the locations of their protected data and how the data moves within, and in and out of, the organization. It identifies what protections are in place and where there is a need for more. The Risk Analysis results in a list of items that must be remediated to ensure the security and confidentiality of ePHI. The value of a Risk Analysis cannot be overstated. Every major data breach enforcement of HIPAA, some with penalties over $1 million, has cited the absence of, or an ineffective, Risk Analysis as the underlying cause of the data breach. The Risk Analysis must be run or updated at least annually, more often if anything significant changes that could affect ePHI.

HIPAA Risk Profile. A Risk Analysis should be done no less than once a year. However, Prestige Computer Solutions has created an abbreviated version of the Risk Analysis called the HIPAA Risk Profile designed to provide interim reporting in a streamlined manner. Whether performed monthly or quarterly, the Risk Profile updates the Risk Analysis and documents progress in addressing previously identified risks, and finds new ones that may have otherwise been missed and resulted in a data breach.

HIPAA Management Plan. Based on the findings in the Risk Analysis, the organization must create a Risk Management Plan with tasks required to minimize, avoid, or respond to risks. Beyond gathering information, Prestige Computer Solutions provides a risk scoring matrix that an organization can use to prioritize risks and appropriately allocate money and resources and ensure that issues identified are issues solved. The Risk Management plan defines the strategies and tactics the organization will use to address its risks.

Evidence of HIPAA Compliance. Just performing HIPAA-compliant tasks is not enough. Audits and investigations require evidence that compliant tasks have been carried out and completed. Documentation must be kept for six years. The Evidence of Compliance includes log-in files, patch analysis, user & computer information, and other source material to support your compliance activities. When all is said and done, the proof of proper documentation is accessibility, and the detail needed to satisfy an auditor or investigator is included in this report.

External Network Vulnerability Scan. Detailed reports showing security holes, warnings, and informational items, including CVSS scores, as scanned from outside the target network. External vulnerabilities could allow a malicious attacker access to the internal network.

HIPAA On-Site Survey. The On-site Survey is an extensive list of questions about physical and technical security that cannot be gathered automatically. The survey includes questions ranging from how facility doors are locked, firewall information, how faxes are managed, and whether servers are on-site, in a data center, or in the Cloud.

Disk Encryption Report. Encryption is such an effective tool used to protect data that if an encrypted device is lost then it does not have to be reported as a data breach. The Disk Encryption Report identifies each drive and volume across the network, whether it is fixed or removable, and if Encryption is active.

File Scan Report. The underlying cause identified for many data breaches is that the organization did not know that protected data was stored on a device that was lost or stolen. After a breach of 4 million patient records a hospital executive said, "Based on our policies that data should not have been on those systems." The File Scan Report identifies data files stored on computers, servers, and storage devices. This report is useful to identify local data files that may not be protected. Based on this information the risk of a breach could be avoided if the data was moved to a more secure location, or mitigated by encrypting the device to protect the data and avoid a data breach investigation.

User Identification Worksheet. The User Identification Worksheet takes the list of users gathered by the Data Collector and lets you identify whether they are an employee or vendor. Users who should have been terminated and should have had their access terminated can also be identified. This is an effective tool to determine if unauthorized users have access to protected information. It also is a good indicator of the efforts the organization goes to so terminated employees and vendors have their access quickly disabled. 

Computer Identification Worksheet. The Computer Identification Worksheet lets you identify the computers that store or access ePHI. This is an effective tool in developing data management strategies including secure storage and encryption.

Network Share Identification Worksheet. The Network Share Identification Worksheet takes the list of network shares and lets you identify those that store or access ePHI. This is an effective tool in developing data management strategies including secure storage and encryption.

HIPAA Supporting Worksheets. A set of individual documents is provided to show detailed information and the raw data that backs up the Evidence of Compliance. These include the various interviews and worksheets, as well as detailed data collections on shares and login analysis.

For more information on HIPAA and our HIPAA services and reports, please feel free to contact us.

Why you need a Managed BDR Solution

Backup Disaster Recovery (BDR) is very different from traditional backups. Managed BDR meets the needs and challenges of today’s complex computing environments.

Fast recovery is the most important part of any backup, and without a truly managed BDR system you are at serious risk.

Can your business operate for days or weeks without your computers and data? Regular backups, even offsite backups, no longer solve the need for fast recovery in today’s competitive business environments.

If you are hit with ransomware, how long can you be down while your IT team restores and rebuilds your systems? With traditional file backup models you could be down for days or weeks while your critical systems are rebuilt and your data is restored. With a Managed BDR solution you can be up and running in a day or less, and most systems can be recovered in as little as 15 minutes.

Backup and Disaster Recovery (BDR) is a combination of data backup and disaster recovery solutions that work cohesively to ensure a Company’s business continuity.

Prestige Computer Solutions Managed BDR keeps your business operations running by ensuring your data is always available. AI-based technologies proactively defend data against ransomware attacks, and with near-instant recoveries, avoid operational outages, loss of productivity and costly downtime caused by infections and recovery efforts.

Call us today to see how we can help you secure your business.

So what is the difference between traditional file backups and BDR? Take a look at the quick videos below.

You take all the necessary security measures: firewalls, anti-virus, onsite and offsite backups, spam filters, etc. But the biggest vulnerability in your business comes from your employees and their awareness of how to deal with phishing attacks.

So how do you address this serious issue?

  1. Password policies are important and should be enforced. Passwords should be at least 8 characters long to be effective. When creating a password policy, bear in mind that the most prevalent attacks are dictionary attacks. Most people use real words for their passwords, so hackers will typically try all words before trying a brute-force attack. Instead of words, use a combination of letters, numbers, and symbols. The longer the password, the stronger it is. While it’s difficult to remember passwords across different platforms, try not to repeat passwords. This will protect all your other accounts in the event of a breach on one of them.
  2. Education is key to keeping employees aware of the latest methods criminals use to try to trick them. Regular employee training is the most effective method available for combating this problem. We recommend doing this on a quarterly basis to ensure that your employees stay on their toes and that you always provide education on the latest attacks.
  3. Protect all mobile phones. You can safeguard as much as humanly possible on your network, but your employees are all walking in with a cell phone. Are they allowed to get emails on these phones? What about gaining access to the network remotely? Cell phones create a big black hole in security without proper mobile device management and mobile security.
  4. Make sure that your software is up to date with all the latest security patches. Holding off on updates means that you’re leaving yourself open to vulnerabilities that have been discovered and addressed.
  5. Security is not the place for cost savings. Home-based hardware is not sufficient; at the very least you need a quality firewall and backup device. Invest in your employees’ training and in ongoing security updates.

There are two things that aren’t going away in any business: employees and security threats. Make sure that you’ve taken care of everything you can to avoid falling victim.

Prestige Computer Solutions offers Lunch and Learn training classes to businesses in and around the Middle Georgia area. We hold classes in our facilities in Warner Robins and Macon, Georgia.

You can book online here for the next lunch and learn, Hacking the Hacker.

 

Do you need a Managed Services Provider?

What happens when you find out your server or network system is down? What do you do? How long does it take to get you back up? What is the cost to your business?

You can take proactive steps to minimize the cost of downtime. But it can be tricky if you don’t have the essential expertise and time needed to manage your IT.

That’s why you need a Managed Services Provider (MSP) to be the one-stop solution to all your IT-related challenges. A good MSP will provide you with a variety of solutions that keep your systems optimized and minimize downtime.

  1. 24/7 systems monitoring eliminates potential outages by identifying problems before they become major.
  2. Remote support for quick, effective, expert IT assistance to get your issue resolved.
  3. On-site support for those issues that need that direct level of support.
  4. Quarterly system health review to keep you up to date with your technology and eliminate surprises.
  5. 24/7 cybersecurity monitoring and threat mitigation. Let the experts fight the security battles for you.
  6. Employee training is essential for your ongoing productivity. A good MSP offers training as part of your unlimited services.

Because you’re serious about minimizing downtime, you need a good technology partner.
Only a true MSP can provide you with the necessary level of support you need to keep your systems running and your business functioning.

Give us a call today. (478) 971-1834
Prestige Computer Solutions is the largest and fastest growing MSP in the Middle Georgia area. We specialise in helping small businesses.

 

HIPAA and Social Media!

Social media can certainly enhance the doctor-patient relationship by announcing new services and information to patients, thereby improving overall health awareness. Healthcare providers need to be aware of the potential for exposing patient information when using social media to interact with patients.

Billions of people use social media content every day, and over 40% of healthcare professionals use the same platforms to build and expand their professional network. Huge advantages can be gained when using social media such as Facebook to provide notifications about new services. Facebook advertising can be used to target specific groups of people and let them know about a new or critical health benefit you offer. An example of this could be to let mothers of children of a certain age within a specific area know that vaccinations are available or due.

Call us if you need this type of service for your practice. We provide advanced professional Facebook advertising.

So what actions on social media violate HIPAA rules?
According to HIPAA regulations, a violation or breach is unauthorized use or disclosure under the Privacy Rule which exposes the privacy or security of Protected Health Information (PHI).

Examples of common violations include:

  • Sharing pictures (like a team lunch in the workplace) with patient information visible in the background.
  • Sharing any form of PHI (such as images) without the patient's written consent.
  • Posting "gossip" about a patient to those who are not concerned, even if the name is not mentioned.

How much could a HIPAA violation cost?
People in the healthcare industry cannot treat HIPAA lightly. If an employee were found guilty of violating a HIPAA rule, that person and the practice could face a fine between $100 and $1,500,000. Depending on the severity of the violation, the employee might face a 10-year jail sentence, lawsuits, termination from the job, and the loss of medical license.

What do you need to do to prevent violations?
It is a good idea to have employees undergo training on HIPAA Security and HIPAA Privacy procedures and policies when they are hired. Topics that should be discussed include computer use, computer and mobile device security, and bringing personal devices into the workplace.

These procedures are crucial to making sure that employees comply with HIPAA rules and are protecting patient information, whether it be electronic, written or oral.

Do you work in the healthcare industry? Do you need help managing IT and privacy issues? Or do you want to do some professional Facebook marketing? If so, feel free to give us a call today!

Is your internet router hacked?

You have probably heard the news clips on Russian hackers getting into your internet routers and stealing your passwords. The question is: how vulnerable are you, and is this something you need to worry about?

First, if you are a business with a legitimate firewall, not a router, you are not at risk for this issue. If you purchased your router from a retail store, you may be at risk. If you are not sure what you have, give us a call and we can do a quick evaluation of your firewall and internet service for you.

This issue generally affects only home users with retail store type routers. Vulnerabilities in some routers’ firmware code allow hackers to change some of the router’s critical settings. For example, altering the Domain Name Server (DNS) settings enables them to instruct your router to send your Internet requests to malware-infested servers and fake websites. If that happens, it could result in malware being downloaded onto your computer or mobile device and/or having your identity and online accounts compromised. Bad, bad stuff for sure.

To check your router and make sure you are not at risk, you can use one of these free tools. Visit this page on the F-Secure website. After you click the button, the tool will check your router’s settings to make sure they haven’t been changed to values that are known to be incorrect or malicious. The entire test takes mere seconds and the results will be displayed right on your screen.

Here is a list of the most vulnerable routers.

If you are unsure or you get a bad result, please contact us. We can help.

Managed Services! What is it exactly?

Well, it is a term that makes no sense to the average non-IT person. Unless you work in the IT industry, you probably have not heard of Managed Services before.

Here is the skinny… Managed Services is a service offered by an IT company that takes care of all your computer and technology issues for you. In other words, if it is IT related, Managed Services makes it so much better.

Now, a lot of people get the same look of confusion on their face when someone says Managed Services. That’s normal. It is just like the word idiopathic, which makes no sense to anyone but doctors, or architrave, which makes no sense to anyone but those in the building and engineering field.

So that is all fine and good, but what does it do for you and your business? And how does it make it better?

Let me see if I can break it down for you here:

Managed Services is known above all for its monitoring. IT companies, or Managed Service Providers (MSPs), use tools called RMM tools that allow them to proactively monitor all your systems and either automatically fix a problem or generate an alert for a technician to look at. Usually we can fix a problem before anyone ever knows about it. All this equates to less downtime for your business and improved productivity.

Because of all this monitoring, you and your staff will experience very little downtime. Your computer network is no longer sputtering out of control. It does what it should, when it should, no matter what. Why? Because a group of technicians makes sure that it does.

Managed Services also automatically keeps your systems updated with the latest security patches. This helps keep you one step ahead of the hackers and viruses that are looking to gain access to your systems. We are also able to monitor the antivirus software, keep it up to date, and know when you have something bad going on before it gets out of control.

When you have fully Managed Services your IT Systems are… well, fully managed. From routine maintenance and automatic upgrades to proactive monitoring and instant support, your technology remains consistent because it’s consistently taken care of.

In other words, hurdles are all but eliminated. Problems are identified and corrected immediately, and your business can remain productive and free of IT challenges and complications.

It is always possible that you will still have a hardware failure or a system breakdown now and again, and you could still experience a network glitch here and there. But with Managed Services, this will not cost you anything, because all this is bundled into a flat-rate monthly support plan called Managed Services.

This means that those ridiculously large and out-of-control repair expenses go away completely. You finally have the full ability to successfully budget for your technology needs. No more guessing. No more hoping. No more praying. It is what it is and won’t change.

With the lovely combination of routine maintenance, proactive monitoring, and a flat, monthly rate, a fully Managed Services solution removes the element of surprise from your IT. There will be no coming to work on a Monday morning only to discover a broken-down network. There will be no large repair fees to wait for. And there will be no dreading an eventual collapse of your data. Managed services eliminates the surprises.

No more Googling. No more YouTube-ing. No more calling that friend of a friend. Managed Services is managed by a group of professionals who are experts at what they do. You are no longer the wannabe IT guru, and you no longer have to figure it out by yourself.

So hire an MSP. If you need help or advice, just call us.

If you want to check your password, you can go to this link. It is safe and will give you a good idea of how good your password truly is and how easy it could be for a hacker to crack it.

No longer do fancy symbols, upper-case letters and numbers have any importance. Most hackers use computer programs that will zip through these like butter. What does make it harder for them is the length of the password. In other words, you could use "This is my good and safe password" as a password and it would be much safer than "Pa$$w0rd". Again, give it a try here.

The other important thing is to change your password regularly. I recommend changing your password at least every 90 days, and do not reuse old passwords. Also, do not use the same password for all your systems.
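The comparison above can be checked with a short script. This is an added example, not part of the original post; the word list, substitution table, 7,776-word passphrase vocabulary and 64-bit threshold are constructed assumptions.

```python
import math
import string

# Constructed sample list; a real check would use a large breached-password list.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "dragon", "monkey"}

# Substitutions that cracking tools reverse automatically (assumed, not exhaustive).
LEET = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l",
                      "3": "e", "5": "s", "!": "i", "7": "t"})

WORDLIST_SIZE = 7776  # assumed passphrase vocabulary (Diceware-sized list)
MIN_BITS = 64         # assumed acceptance threshold for this example


def is_dictionary_variant(pw):
    """True if pw is a common word once substitutions and a trailing
    run of digits/symbols (e.g. "Password1!") are undone."""
    trailing = string.digits + string.punctuation
    candidates = {pw, pw.rstrip(trailing)}
    return any(c.lower().translate(LEET) in COMMON_WORDS for c in candidates)


def brute_force_bits(pw):
    """Bits of work for a character-by-character search over the
    character classes that actually appear in pw."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation or c == " " for c in pw):
        size += 33  # 32 ASCII punctuation characters plus space
    return len(pw) * math.log2(size) if size else 0.0


def passphrase_bits(pw):
    """Bits of work if the attacker guesses whole words instead of characters.
    Assumes the words were picked at random; a natural sentence is weaker."""
    words = pw.split()
    if len(words) < 2 or not all(w.isalpha() for w in words):
        return float("inf")  # not a multi-word passphrase: model does not apply
    return len(words) * math.log2(WORDLIST_SIZE)


def assess(pw):
    """Reject dictionary variants outright, then apply the weaker of the
    two estimates against the threshold."""
    if is_dictionary_variant(pw):
        return "reject: dictionary word with predictable substitutions"
    bits = min(brute_force_bits(pw), passphrase_bits(pw))
    if bits < MIN_BITS:
        return f"reject: about {bits:.0f} bits, below {MIN_BITS}"
    return f"accept: about {bits:.0f} bits"


if __name__ == "__main__":
    for sample in ("Pa$$w0rd", "xk7#Qp2!", "This is my good and safe password"):
        print(f"{sample!r}: {assess(sample)}")
```

The symbol-laden eight-character passwords fail either because they reduce to a dictionary word or because eight characters is too small a search space, while the long passphrase passes even under the more conservative word-level estimate.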


Unfortunately, it’s not uncommon in our current culture to face major security breaches on our favorite platforms, such as the recent ones that involved LinkedIn, MySpace and Tumblr, where hundreds of account details went for sale on the dark web. Think about it. If you used the same password everywhere, attackers would be able to quickly access all of your other accounts (and they know it).

What’s more alarming than that? Almost 90% of small business owners don’t feel like they’re at risk of experiencing a breach.

We at Prestige have a good handle on how to get this issue under control. Give us a call to see how we can help.

Don't leave your programs running

Some programs, such as QuickBooks, will develop issues if you leave them open, not to mention Word documents, Excel spreadsheets, etc. It is always a best practice to exit and restart your computer at the end of the day. Doing this achieves two important tasks: first, it logs you out, and second, it makes sure all running applications are terminated.
The last thing you want is to find that your critical data was not backed up because it was in use, and that you have now lost months of work.

Remember! Reboot your computer at the end of the day to keep everything running well. Do not turn it off, as security scans and patches are usually done after hours so as not to interfere with you while you work.

Computers do not live forever

"But my computer is only 5 years old." Yes! It seems like only yesterday you purchased it.

But like everything these days, computers get old. Moving parts wear out, and newer, faster computer chips are developed. Those updates you must run to keep you safe need more and more power, and your old computer is now having a hard time keeping up.

So, to keep up with the latest security requirements and run the applications you need, you will have to accept the fact that 3 years is the designed lifespan of any desktop or laptop computer.

When looking for an IT services and support company, there are many factors you need to think about: whether the IT company is a Managed Services Provider (MSP), how proactive it is, and whether it is able to respond in the event of an emergency.

Although most MSPs use technology to remotely monitor and support your systems without going onsite, having an IT support company ready and able to come onsite to your business to fix an issue can be invaluable.
If you are experiencing slow response times, have had difficulty accessing support from your IT company, or are thinking of looking for a Managed Services Provider, here are a few reasons why you should consider a local IT support company.

1. Easy Accessibility & Quick Emergency Support
Arguably, the most important aspect of IT support next to proactive maintenance is the ability to easily and quickly access your IT support provider for quick support. Choosing a local IT service and support company allows you quick access to your IT support without the issues imposed by geography. In case of an emergency such as downtime, or virus attack, your local IT provider can respond in real-time.

2. Understanding of Your Local Business Environment
Using a local IT service provider can also provide your business with access to local IT experts that are not only versed in the day-to-day maintenance of IT systems but also understand challenges that other businesses in your geographical area face. Having this unique perspective can help your local IT service provider proactively suggest solutions to problems even before they occur.

3. Frequent Routine System Checks
While many routine IT system checks can be performed remotely, the local IT service provider also has the flexibility to come onsite to perform routine tests when needed. This allows your business to create a proactive IT maintenance routine that helps you prevent IT issues before they occur.

4. Cost Effective IT Support Services
Since most IT support services are priced hourly, having a local IT service provider who can get to you in no time can help reduce your IT support service costs. The cost savings in travel time and expenses can be used for other strategic IT projects or even added to your business’s bottom line.

Local Georgia, GA IT Support Services
Prestige Computer Solutions is located in Middle Georgia, and from here we are able to provide local support to companies throughout the state of Georgia with same-day onsite support.
Most of our customers are located in Middle Georgia: Macon, Warner Robins, Perry and Fort Valley.

Ransomware!

According to the latest FBI 2017 Internet Crime report, losses of cybercrime victims exceeded $1.4 billion in 2017. 
The report data represents a total of 301,581 complaints filed with the Internet Complaint Center (IC3). 
This past year, the top three cybercrimes reported by victims were Non-Payment/Non-Delivery (84,079 victims), Personal Data Breach (30,904 victims), and Phishing (25,344 victims). The top three crime types with the highest reported loss were BEC ($676,151,185), Confidence/Romance fraud ($211,382,989), and Non-Payment/Non-Delivery ($141,110,441).

See full blog post here

Why you need a Managed Services Provider

First, it is critical that you understand the difference between a true Managed IT Services Provider and one that just uses the words without understanding what must be done to actually deliver.

A true Managed IT Services Provider will provide you with a comprehensive set of solutions that will free up you or your staff to focus on the things that are important to your business. With Managed IT Services you can rest assured your systems are up to date, monitored and optimized daily. Your security concerns are addressed, and you have a team of highly skilled technicians dedicated to keeping you that way.

Why do you need managed IT services?
With today’s emerging risks to data security and advanced business technologies creating new levels of complexity, companies are realizing they could leverage expertise from Managed IT Service Providers (MSPs) to bolster network infrastructure, upgrade software, protect critical company data and provide vendor management. Whether a business is looking to leverage innovative HaaS (Hardware-as-a-Service) solutions, Managed Security, or computer health and uptime management, Managed IT Services provide the advanced and dedicated IT support necessary to drive your business growth.

What are three reasons your business will benefit from proactive IT support?
1. 24/7 Monitoring and Support with Proactive Cybersecurity: Managed IT Services afford businesses the 24/7 security necessary to mitigate risks and, if a situation arises, restore you to operation with speed. Even with an in-house IT department, it can sometimes be difficult to ensure that a business has the right talent on staff, at the right time, to handle a random IT issue. Infrastructure management, firewall and virus protection, WAN/LAN health monitoring, a fully secure virtual environment, disaster recovery, scheduled on-site support and more are all available to your business with a managed IT service partner working to keep your data safe, secure and accessible 24/7.

2. Risk Mitigation & Reduced Downtime: Malware, hacking, loss of customer data due to breaches – or natural disasters. Not only can a managed services provider track and begin remediation of a known event more quickly and efficiently than the business could in the past, but through the robust tools available to managed services providers, many events can be headed off at the pass. Managed services organizations can determine that a failure is imminent in many cases, thereby allowing remediation efforts that will prevent the failure from occurring in the first place, which clearly reduces downtime and risk for the client company.

3. Controlled IT Spending – Finally! You can accurately predict and budget for IT maintenance costs and spend more time focusing on managing your core business. With the right IT service provider, businesses can experience a true partnership in the protection, maintenance and management of their business technologies – without the pain of absorbing unforeseen costs.

Prestige Computer Solutions Managed IT Services provide the proactive monitoring, measuring and maintenance your business technology needs to stay running – all the time.

Let Prestige Computer Solutions detect and prevent critical issues that could impact your productivity. Call us today.

FACEBOOK NOW SAYS the data firm Cambridge Analytica gained unauthorized access to up to 87 million users' data, mainly in the United States. This figure is far higher than the 50 million users that were previously reported.
Facebook's chief technology officer Mike Schroepfer shared this figure at the end of a lengthy—and somewhat unrelated—blog post Wednesday that laid out a slew of changes Facebook is making to restrict access to user data.

See full article here