Earlier this year, the SSL (Secure Sockets Layer) bug Heartbleed caused quite a stir when it was discovered. While the majority of systems affected by this bug have been patched, and are now secure from it, news has recently broke of a similar bug affecting Microsoft Windows Servers. If you use Microsoft Servers in your office, this is something you need to be aware of.
The new security problemOn November 11, 2014 Microsoft released a patch for nearly all versions of Microsoft Server, along with patch notes that included the reason why the patch was released. In short, it was released to plug a security gap that the company calls Schannel Remote Code Execution Vulnerability.
This cryptically-named vulnerability essentially allows hackers remote code access by sending specific packets of data to a server. Data packets are made up of basic units of data communication combined in order to send data over a network.
Hackers can structure certain data into packets then breach a bug in Microsoft Server software, potentially allowing a hacker full remote access to that server and the ability to execute whatever code they so choose, including giving themselves full access to the systems and data hosted on your server.
This bug is particularly destructive because it affects the Schannel library on servers, which is responsible for encryption and authentication in Windows.
What versions of Windows server are affected by this bug?This bug can potentially be found on nearly every version of Windows and Windows Server currently in use by companies, including:
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows 8/8.1
- Windows Server 2012/2012 R2
- Windows RT/RT 8.1
What should we do?While this appears to be a big issue, and in truth it is, Microsoft has noted that they are unaware of anyone actually exploiting this bug as of the writing of this article. The company has also released a patch - MS14-066 that is supposed to fix the problem.
Therefore, the best action you can take is to update all of your systems running Windows. While it primarily affects servers, this could become a widespread issue if systems are not updated. What we recommend is contacting us as soon as possible. We can help ensure that all of your systems are updated and protected from this bug.
If you would like to learn more about Windows and how you can keep your systems secure, please do call us today.
Is your business secure from the latest malware and security threats? The truth of the matter is that there is always a chance that your business and systems can be attacked and breached by a variety of security threats. One of the more common threats of last year was a nasty piece of ransomware called Cryptolocker. While the first version has largely been dealt with, there is news that a new version of this - called CryptoWall - which has surfaced.
What is Crypto malware?Crypto malware is a type of trojan horse that when installed onto computers or devices, holds the data and system hostage. This is done by locking valuable or important files with a strong encryption. You then see a pop-up open informing you that you have a set amount of time to pay for a key which will unlock the encryption. If you don't pay before the deadline, your files are deleted.
When this malware surfaced last year, many users were understandably more than a little worried and took strong precautions to ensure they did not get infected. Despite these efforts, it really didn't go away until earlier this year, when security experts introduced a number of online portals that can un-encrypt files affected by Cryptolocker, essentially neutralizing the threat, until now that is. A recently updated version is threatening users once again.
Cryptolocker 2.0, aka. CryptoWallPossibly because of efforts by security firms to neutralize the Cryptolocker threat, the various developers of the malware have come back with an improved version, CryptoWall and it is a threat that all businesses should be aware of.
With CryptoWall, the transmission and infection methods remain the same as they did with the first version: It is most commonly found in zipped folders and PDF files sent over email. Most emails with the malware are disguised as invoices, bills, complaints, and other business messages that we are likely to open.
The developers did however make some "improvements" to the malware that make it more difficult to deal with for most users. These changes include:
- Unique IDs are used for payment: These are addresses used to verify that the payment is unique and from one person only. If the address is used by another user, payment will now be rejected. This is different from the first version where one person who paid could share the unlock code with other infected users.
- CryptoWall can securely delete files: In the older version of this threat, files were deleted if the ransom wasn't paid, but they could be recovered easily. In the new version the encryption has increased security which ensures the file is deleted. This leaves you with either the option of paying the ransom or retrieving the file from a backup.
- Payment servers can't be blocked: With CryptoLocker, when authorities and security experts found the addresses of the servers that accepted payments they were able to add these to blacklists, thus ensuring no traffic would come from, or go to, these servers again. Essentially, this made it impossible for the malware to actually work. Now, it has been found that the developers are using their own servers and gateways which essentially makes them much, much more difficult to find and ban.
How do I prevent my systems and devices from being infected?Unlike other viruses and malware, CryptoWall doesn't go after passwords or account names, so the usual changing of your passwords won't really help. The best ways to prevent this from getting onto your systems is:
- Don't open any suspicious attachments - Look at each and every email attachment that comes into your inbox. If you spot anything that looks odd, such as say a spelling mistake in the name, or a long string of characters together, then it is best to avoid opening it.
- Don't open emails from unknown sources - Be extra careful about emails from unknown sources, especially ones that say they provide business oriented information e.g., bank statements from banks you don't have an account with or bills from a utilities company you don't use. Chances are high that they contain some form of malware.
If you are looking to learn more about CryptoWall malware and how to boost your security and protect your data and systems, then we could you your first line of tech defence.
Communication is a vital part of business. While customers certainly appreciate digital systems like email and chat, there are times when simply talking to someone is preferable. Because of this, and the fact that many businesses will always have customers who prefer to talk, most businesses do need a phone system. The question is: How do you find the right one for your business?
1. Know the types of systems out therePhone systems, as with many other types of technology, have evolved and changed drastically from the traditional phones that we are all familiar with. As a result, it pays to be aware of the four main types of phone systems available for small to medium businesses:
- Key systems - These systems are commonly found in many older small businesses as they were designed for up to 40 users. Typically, a Key system offers businesses basic features like hold, line switching, line management, etc.
- PBX - Private Branch Exchange, is private phone networking technology that enables businesses to manage up to hundreds of phone lines and numbers. PBX is usually employed by larger businesses who need multiple phone lines and the ability to network offices together.
- Hosted PBX - These are PBX systems that are managed and hosted by a provider. The system itself is usually housed offsite, which means less up-front investment for the company.
- Centrex - These are specific business features and packages developed for your business by a major telecommunications provider which are usually added onto your monthly phone bill.
- Analog - Traditional landline phone systems offered by phone companies, commonly referred to as PSTN (Public Switched Telephone Network). Analog is familiar to many business owners as it uses existing lines strung by telephone companies.
- Digital - Newer phone systems that use network connections to transmit voice communication. The most common of these systems is VoIP (Voice over Internet Protocol).
2. Consider these four questionsAs you are looking for a new system? If so, it might be a good idea to ask yourself the following questions:
- How many lines and phones will I need? This will likely be one of the first questions a vendor will ask when you start looking for a new system. Take some time to think how many phone lines you will need. For example, will you need one for every employee? Or will a line for every major office or department be enough? You will quickly find that some teams won't need lines at all, while others will need one for every person.
- How much do I want to manage this system? If you want to have complete control over every line, the supporting systems, and the hardware itself, then going for a hosted solution may not be the best of ideas. On the other hand, if you are looking for a solution that is simple to manage for you, then hosted or managed solutions might be the answer.
- How fast will my business grow? If you are expanding quickly, then you will need a system that can develop with you. Many landline systems require technicians to install new lines which can take time, so businesses that are growing quickly may benefit more from digital systems.
- What other equipment will I be using? This is important to know before you talk to vendors because some systems may not work well with existing technology, or other systems you may be using. If you make a list, vendors can then help you quickly find a system that is compatible with your other equipment.
3. Ask your users what features they needBefore looking for a new phone system, you should ask the people who will be using the system what features they need in order to do their jobs to the best of their ability. Some teams may need wireless devices in order to better talk to customers, while others might find video conferencing worthwhile; others still may need a more unified communications platform, including text and instant messages.
The key here is to develop a list of features that your business will need before looking for a new phone system. This will make it easier to find one that fits your needs.
4. Work with your IT partnerWe can work with you to help you find the best solution for your business; be it managed, digital, or analogue. If you are looking for a new phone system, contact us today to learn more about our solutions and how we can help.
IT is in a near constant state of evolution, largely because of the sheer number of technology-based systems and products released on a weekly basis. This fast-paced development has led to the creation of three major IT areas. It is essential that companies invest in these three areas if they want their business to succeed.
1. Commodity-oriented ITIT is made up of systems that support day-to-day operations, so it is essential that you invest in this area because it is what supports your core business practices. Without proper investment, your employees may not be able to carry out their tasks adequately. Commodity IT is essential but it does not bring increased value to your company. Sure, implementing a new email system could save money but it does not directly lead to increased profits.
One of the best ways businesses can get the most out of commodity IT is to first identify which systems the business relies on. From here, you can look to see if improvements can be made that will reduce overall expenses and increase productivity. Regardless of what you do with commodity IT, all changes and improvements should be operations-oriented; making jobs easier.
2. Business value focused ITBusiness value IT involves any system that supports key operations and processes that drive overall business value. Essentially, these systems are not only essential, but they allow businesses and customers to do what they need to do. A good example of business value IT for companies with online stores is the technology that supports the store. Without it, customers would not be able to make purchases from the company.
With this form of IT you want to invest in systems that increase the value you offer customers and employees, while increasing your bottom line.
3. New opportunity ITNew technology and systems can help give your business a competitive advantage when properly integrated, while increasing overall business value. A good example of this is leveraging a new social media platform to help gain customer insights, or implementing technology that allows your business to capture and analyze data quickly and easily.
Companies able to incorporate new technology will often find that they have somewhat of a first mover advantage, and if leveraged correctly you could see increased profits and customer retention.
Get a good IT strategyThe vast majority of companies choose to focus a large percentage of their IT budgets on commodity IT. What this results in is a focus on simply maintaining existing IT systems, without actually investing in new systems. Ideally, you want to minimize your technology upkeep expenses, and invest more in discovering new technology and systems.
How do you do this? That's where a company like us comes in. As your IT partner, we can help ensure that your systems are managed effectively, costs are minimized, and we can even go so far as to help you find and implement new systems. Contact us today to see how our solutions can help maximize your IT investments.
When it comes to running a business, you likely thrive on customer and employee interaction. If your customers aren't active, or employees are struggling to interact with each other and customers, you could be facing a downward spiral. One way companies try and reverse this stagnation, while simultaneously gaining important and useful data, is through gamification.
What is gamification?It's human nature to be competitive, and many of us exercise this nature by playing games. Be it team sports, board games, video games, or even office-related games, many of us partake in some form of game on a regular basis. Gamification is the incorporation of game elements, such as points, rules of play, competition, etc. into business-related processes.
By implementing game elements into areas like marketing or training, you can drive engagement, while also collecting better data, primarily because most people will be more willing to provide relevant information when they are invested in a game.
When it comes to implementing these elements into business processes, many companies tend to focus on either customer gamification or employee gamification.
Customer gamificationThe vast majority of customer-oriented gamification relates to rewards programs and repeat customers. Small to medium businesses who have successfully implemented these elements usually do so via social media and mobile apps. Repeat customers gain points for each purchase and when they reach a certain level receive a freebie perhaps or a rebate. This in turn drives the need to keep purchasing and to "win".
Many businesses have been successful in implementing this game characteristic into social media, where people who interact gain levels and therefore access to such benefits as discounts. Businesses implementing customer-oriented gamification often see both increased engagement and better data flowing into the organization. In fact, many businesses have found that the data implemented through these elements has been useful in decision-making and overall business intelligence efforts.
Employee gamificationEmployee-based gamification is usually employed by businesses to encourage teams and individuals to work together towards a common goal. For example: Implementing a point or badge-based sales system where at certain sales levels badges are awarded, which can then be used for a reward, has proven to be incredibly successful for many sales-oriented companies. Publicly announced results and recognized rewards can also be a great employee motivator.
As with customer gamification, employee gamification can be a great source of data. For example, by tracking where employees are, and their results, you can quickly see weak spots or places where help may be needed. Essentially, more data means the ability to make better decisions.
Should my company implement gamification?While this may sound like an exciting, and useful tactic to implement in your business, it's not for everyone and it won't fit well with all activities. What you should do is to look at whether the objectives and goals of the program you wish to implement can also be paired with gamification.
If you find that gamification, or elements of it, won't benefit your business program, then it's best not to implement it for the sake of it.
How to implement gamificationThere are a wide number of mobile apps developed around gamification, along with social elements and ideas. What we suggest is talking to us to see how we can help first. We can work with you to find solutions and ways to implement your solutions. Contact us today to start the game of business success.
Medical Group Management Association (MGMA) 2014 annual conference attendees were fortunate to get some tips for improving patient satisfaction from Joan Hablutzel, senior industry analyst with the MGMA—because doing so is essential to the success of a medical practice in an increasingly competitive health-care marketplace. Here are 10 of them.
- Say hello and smile when patients arrive to acknowledge their presence.
- Answer the phone in three rings with a consistent greeting to show the practice views the patent as an individual.
- Show empathy in your communication with the patent by observing his or her mannerism sand responding in kind.
- Explain what is going to happen, whether it’s a process or a procedure.
- Don’t interrupt when a patient is talking.
- Look for signs that a patient is dissatisfied or concerned—and when you hear concerns, don’t ever leave it at “I don’t know.” Find someone who does.
- Always respect patient confidentiality.
- Live up to your promises. Set time estimates and update patients if they change, apologizing when necessary.
- Say goodbye and wish the patient well upon departure to affirm respect.
One of the biggest business technology trends of the past half decade or more is the increasing amount of business that is conducted online. These days, many businesses have integrated online solutions into daily operations and have reaped the benefits. The downside to this is the on-going threat to online security. With an ever-increasing number of online attacks, it is important that you take steps to ensure that you remain secure. Here are five tips on how to maintain security while working on, or browsing, the net.
1. Use two-factor authentication whenever possibleTwo-factor authentication, or two-step authentication as it is also known, is the idea of using two pieces of information to log into accounts: Your usual password and a code that is usually sent to a mobile device or generated by a code generator.
By utilizing this safety feature, you can further increase the security of your accounts, largely because the chances of someone getting their hands on both the generated code and your password are slim.
Some sites don't use a code and instead ask a question that needs to be answered every time you log in. If this is the case, make the question something that is difficult for a hacker to guess. For example, use your address from 10 years ago instead of your current address.
2. Audit who has access to what dataBetween all of your online accounts and social media profiles you will likely be surprised at just how much information about you can be found online. There are a multitude of scare stories online, where someone has had their accounts hacked and identity stolen, largely because they had left pertinent information online without even thinking about it.
It is a good idea to audit what information you have online. This includes looking at the contact and personal information you have on social media profiles, account information, etc. Ideally, if it is not necessary information, then it shouldn't be shared. As for social media profiles, make sure only the absolute basic personal information is online and limit who can see this information.
3. Watch what is posted on social mediaBecause of the nature of social media, we often feel the need to share our whole lives online. This can often lead to oversharing, and even sometimes oversharing of personal information. There are stories online of thieves monitoring social media for businesses posting about how they are going to be closed for a holiday, with all staff gone. Once a thief finds this information, they then break into the business without worrying about people being there.
If you are going to share information online, be sure to limit the potentially sensitive information that you post, especially if the content is shared with the public.
4. Change your passwords regularlyIt seems like almost every week news breaks of a password or account information breach. What this translates to is the fact that your accounts are always facing a potential risk. Therefore, you should make it a habit to change your passwords on a regular basis.
Most experts recommend at least once every three months, but if there is a breach where your account information may have been leaked then naturally change your passwords straightaway.
To ensure maximum security, you should use a different password for each account, and keep these as separate as possible.
5. Work with an IT partner who can offer enhanced Internet securityEnsuring that your business is secure online can be an on-going battle that you will likely not win easily. One of the best steps to take is to work with an IT partner like us. We offer a variety of Internet security solutions that can help stop malware intrusions before they infect your systems, block access to potentially harmful sites, and even scan Internet-based email solutions. In other words, we can help improve your overall online security.
If you are looking to learn more about how we can help your business be secure online, contact us today.
When it comes to business continuity plans, many companies need technology in order to support their plan and systems such as backups and recovery. While this technology may be in place to support current continuity needs, there will come a time when this needs to be upgraded. The issue is how to know when an upgrade is really necessary? Here are five tips that can help you determine this.
1. New technology and systems offer increased resilienceWhen it comes to continuity and the systems supporting it, businesses need to ensure that they are resilient. This means implementing hardened systems that will remain working in adverse environments; systems like UPS (uninterruptible power supplies), etc., so that should a disaster occur services will still be available.
Beyond this, it is a good idea to implement systems that can be switched from one location to another quickly and easily. A good example of this is implementing cloud storage and backup which can be recovered to other systems with minimal fuss.
Technology that increases the resilience of your systems and continuity plans is worth implementing.
2. Enhanced data protection and availabilityDuring and after a disaster, it is vital that businesses have access to their data. If your data is not protected in an efficient manner, or easily accessible once it has been backed up, you could see a decrease in business effectiveness and delays in fully recovering.
Technology or systems that enhance data protection and availability over your existing systems are worth including in an upgrade, so that you can benefit from data being available when you need it most.
3. Systems offering increased communicationCommunication during and after a disaster is crucially important if your business is to survive and recover full operations. When a company faces disaster, communication networks need to be strong and available at any time. So, if you can find systems that enhance the ease and effectiveness of your communications then these could be worthwhile upgrading to.
4. New technology is available to simplify plan development and auditingIf you have developed a continuity plan in the past, you know that it can be a time consuming task. While essential, many business owners do not have the necessary time to commit to this. This is where systems and technology can help.
A system that makes the auditing and development of plans easier may be worth including in an update.
5. Technology that decreases costsWith businesses operating on narrower margins, many business owners want systems to keep costs low or at the very least ensure costs don't rise. If the systems you are looking at have been proven to reduce operating costs, then it may be a good idea to consider them.
It is important however to not integrate technology simply to save money. You should aim for solutions that are affordable, but that will also offer these worthwhile benefits and more.
We recommend talking to us to find out how we can help you find the services and technology your business needs to ensure your business continuity is not only working but will also deliver when you need it.
At the end of September, Microsoft held their now annual Windows event, where they announced the next big version of Windows - Windows 10. While it seems a little odd that they are skipping 9 completely, from what we can see, 10 is shaping up to be the best version of Windows to date. Here is a brief overview of what you can expect from the latest version of Windows.
Why Windows 10?When first announced, many eyebrows were raised regarding Windows 9 being skipped. In the tech world, missing out a number with a sequence is not the norm, yet Microsoft stated that they believe that the next version of Windows will be such a drastic improvement over Windows 8 that calling it Windows 9 would not do it justice. From what we can see of the new system, there really are some drastic improvements, including:
One operating system (OS), many systemsWhen Windows 8 was released, a slightly modified version of the OS was also released for mobile devices. While this was good news, especially for mobile users, the systems were still largely separate, with different apps, app stores, and more.
With Windows 10, Microsoft has noted that the OS has been designed to run across all systems. This means that different devices will likely have slightly different interaction experiences but the underlying system will be the same. For example, there will be one way to write programs for all devices, one app store, and updates will be applied to all versions of the same app, on all devices, at the same time.
A new, yet familiar, Start menuWindows 8 was a drastic departure from the familiar Windows desktop layout. For the most part, it was despised by business users, who instead have largely bypassed this layout for the traditional Desktop mode. Windows 8.1 allowed users to boot directly into the Desktop, but one large feature has been lacking: a Start menu.
Windows 10 welcomes it back! As with older versions of Windows, the Start menu will be at the bottom-left of the screen, and pressing it will bring up the familiar menu of programs and options. Only now, the old Tile-based layout has also been merged into this section. Think of the traditional Start menu bar, but with a mini-tile based section to the right that will be customizable.
Everything opens in a windowIf you've ever downloaded an app from the Windows App store, you likely have noticed that they automatically run in fullscreen mode. With Windows 10, any Windows Store apps will open in window-format, similar to any desktop app.
When apps open you will see the familiar taskbar, along with the maximize, minimize and close buttons. This will make it much easier to work in multiple programs at the same time.
Multiple DesktopsMicrosoft Virtual Desktops is a feature that will allow users to create different desktops for different purposes and switch between them quickly and easily. While you will only need to install Windows 10 once, you can have a different desktop setup for say home, personal, and business use all under one user.
Each desktop can display different icons and layouts, but all desktops will have access to the programs installed for that user. Essentially, this will make it easier for business users who also use their devices for personal use or those who need to switch roles at work.
An enhanced File ExplorerFile Explorer has been a part of Windows for a while now, and its main function is that it helps you to find your files and folders. In Windows 10, this feature will be upgraded to now search for not only your files and folders, but also to scan the Internet as well. You will also be able to quickly see recent and most popular files and folders, meaning you'll be more likely to be able to find what you are looking for in less time.
When will it be available?Microsoft has already released what they call a Technical Preview of Windows 10. Anyone can sign up to download Windows 10 and install it on their computers. We would advise against this however, as this version is incomplete and there will be bugs and compatibility issues.
The company has noted that this current version is really for tech experts to install on secondary computers and test, so business users will have to wait! At the time of this article there has been no actual release date set for Windows 10, but you can probably expect it sometime in early 2015. Microsoft has also been quiet about the price, but rumors are circulating that it will either be free or affordable for users to upgrade to if they already have an older version of Windows installed.
Get ahead of the curve and find out what benefits Windows 10 can bring to your business, by dropping us a line first.