Driving Without a Seatbelt
ITSSI News Team

Is commuting to work or driving to a client an essential part of your success in business?

Is counting on a functional computer or network of computers an essential part of your success in business?

If there was no seatbelt law, would you be driving without using one every day? Maybe just most of the time?

If not, then why would most small businesses either have no reliable backups, or at best, occasional backups?

We have had first hand experience with a client who skipped backups more often than not. Our client decided to forgo our recommendations on IT backup best practices and opted for a backup protocol that entailed daily swapouts of 2 external backup drives--one for the other. Unfortunately, our client did not follow their own protocol diligently and as a result, the backup was not swapped for 6 months. In addition to forgoing our backup recommendation and mishandling their own backup protocol, they also decided against dividing up access rights to different groups and limiting the read/write rights of the individuals, despite our recommendations that they should not allow everyone accessing all data files.

Around 2 P.M. on a Friday afternoon the irreversible Ransom Virus was launched by a user downloading a picture (so she thought), only to install a malicious program, which accessed all their data files (.doc, .xls, .ppt, .pdf, etc.), encrypted them, and asked for a payment of $300 to some foreign entity before they could provide a key to decrypt the files. To add insult to injury, the scale of the damage was not verified until the following Monday. In the meantime, the malicious software had enough time to render all 3TB of company files unusable. Furthermore, that very night, the good copy of the files on the backup drive was overwritten by the encrypted version. Ouch!

The total amount of damages ran into $1000's and 6 months worth of data lost.

Avoid catastrophes like these in the future by investing in a thorough backup solution. ITSSI can help your company to avoid such catastrphic events by setting up the following precautionary measures:

- A solid multi-unit automated backup processes, including off-site storage.
- AntiVirus and AntiPhishing measures, both at the perimeter and on desktop level.
- Limiting access rights based on group participation.

3rd March 2014
Retiring XP
ITSSI News Team

For many small business owners, running their business on the idiom "If it ain't broke, don't fix it," is often considered sacrosanct. But on April 8, 2014, that idiom can prove to be detrimental as Microsoft will officially end its support of the XP operating system.

What this means to small business owners that have computers still running XP is that they will be vulnerable to security threats as Microsoft will no longer provide updates for the XP operating system. Therefore, computers running Windows XP will become "weak links" in a company's IT infrastructure and will be the most targeted point of future attacks as security vulnerabilities that are found beyond the April 8th date will no longer be addressed or provided. It is pivotal for all businesses to upgrade their computer systems to Vista and above, but it is even more crucial for small business owners, as an attack on their IT infrastructure will be more costly and more difficult to isolate.

ITSSI is dedicated in identifying security vulnerabilities such as these. Whether it's with known end-of-life announcements or other more subtle vulnerabilities that should be addressed in any IT infrastructure. ITSSI can close down such security vulnerabilities at the firewall level, email level, and desktop level, and has the tools to prevent even human elements that would pose risks to a company's IT backbone.

If you would like a consultation about your current IT infrastructure and backbone then don't hesitate to contact us. We would be glad to assess your IT goals and needs. The best part is that consultations are free.

13th March 2014
Heartbleed Bug
ITSSI News Team

A new security threat has poked its ugly head called the Heartbleed Bug. It isn't a virus, but rather a bug in the encryption protocol that network systems use to communicate with each other securely. If exploited (along with enough time), outside threats can acquire passwords and other sensitive information that can compromise your IT infrastructure and security.

The bug has received quite a bit of fanfare (it has even received its own website) and rightfully so. The bug exists at the level of encrypted communication. When an individual establishes a secure connection between themselves and a server, the most likely protocol they use is SSL/TLS, which keeps the communication encrypted (garbled essentially) to everyone except the individual and server that have accepted and established the secure mode of communication. Occasionally, during an established, encrypted communication, a computer might want to check if the other side is still responsive and will send a data packet to get a response. This is known as a heartbeat.

By using a well disguised heartbeat packet, an attacker can request a heartbeat response and trick a server at the other end to send back more than just a heartbeat response. It will ask the server on the other end to return information stored on the server's memory, which can have sensitive information on it such as passwords, encryption keys, and other sensitive information. If this seems confusing to you at first, this comic might help illustrate the point a bit better. Once that information is accquired, attackers can simply "walk through the front door" of security walls and attack and/or exploit network systems directly.

In the last few weeks, various security companies of all kinds - from firewall manufacturers to software security firms - have been developing and deploying patches to address this bug. However, simply updating software/firmware may not be enough. Certificates might need to be replaced and passwords reset as well. ITSSI can help assess the security vulnerability that your company has been exposed to due to this bug and can create a recovery plan. If you would like a free consultation about your current IT infrastructure and security exposure then don't hesitate to contact us. Together we can get your IT security back on track.

24th April 2014
Understanding Azure
ITSSI News Team

Microsoft has made one giant step forward in the cloud computer market with its full throttle promotion and marketing of Azure. Microsoft Azure is a cloud application platform with Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) structures for businesses to minimize hosting costs, expedite infrastructure procurement, and provide flexibility in project development. In a nutshell, it allows businesses to use Microsoft’s IT infrastructure as hosting for their content, allow user friendly interfaces to allow them to configure their infrastructure as needed, and for employees to collaborate on projects in a whole host of different languages.

At first glance, this might seem to be overkill for small businesses, but in reality it gives far greater flexibility for growth. Here's why: The biggest issue that small business owners find themselves is not investing in a proper IT infrastructure. They will spend the bare minimum to get things going, but such bare bones infrastructures provide no room for growth or scalability. As a result, IT performance quickly becomes slow and migrating over to a newer, better infrastructure becomes costly. With Microsoft Azure, budgeted monthly installments can acquire a high-performance IT infrastructure that's both scalable and can accommodate growth. Expensive migration from older IT infrastructures to newer ones becomes nonexistent and no longer time consuming. Therefore, with Microsoft Azure, new small businesses can quickly acquire a customized IT infrastructure that fits their needs and easily grow as needed. This does not mean that established small businesses with in-house IT systems cannot take advantage of Microsoft Azure. Azure's ExpressRoute enables private connections between in-house IT systems and off-site Azure infrastructures. This allows established businesses to take advantage of Microsoft Azure's flexibility, scalability, and high-performance.

However, the most important feature that is not highlighted by many articles you might read on Azure is Azure's SQL Database. Almost every small business has some sort of third party database software suite. Whether it's for inventory management, accounting, customer relation management, or some other use, most businesses have at least one database that keep businesses running. As the need for customization and expansion grows for a business, so does a business' database. With SQL Database being supported by Azure, it provides the same scalability and flexibility as discussed already. Plus, it allows businesses to hire on key personnel regardless of location to provide database customization and other services, making database customization far more cost effective.

Cloud level project management is a key new service that ITSSI is now embarking on. We provide consultation on how businesses can take advantage of Microsoft Azure and it's cloud solutions and make it fit the needs of your business. For free consultation on cloud solutions using Microsoft Azure, do not hesitate to contact us.

14th May 2014