Posts from January, 2016

Transitioning to the Cloud? “Know Before You Go”

Tuesday, January 26th, 2016


The Cloud is here to stay—and growing before our eyes. Even the customer segment that the marketing world terms late adopters—the last people to “get on the boat” of tech trends—are finally taking a hard look at migrating at least some of their IT to Cloud-based apps.

One big reason is that their existing data center infrastructure has reached the end of the line. In the depths of the Great Recession, belt-tightening and bean-counting left many companies reluctant to spend the capital to replace their on-premises server equipment, so they squeezed a few more years out of it beyond its recommended service life. Now that it’s finally time to usher obsolete servers into retirement, IT managers are weighing the pros and cons of deploying Cloud services against purchasing new hardware outright.

Is the Cloud right for you? Maybe.

The hardware/Cloud argument isn’t all that different from deciding whether to purchase or lease a new automobile. Both options have tangible advantages—which, depending on the salesperson’s objective, they’ll play up. Hardware vendors will insist that direct ownership translates into a higher ROI over the long haul, while Cloud service providers will stress a speedier turnkey deployment with lower pay-as-you-go (or pay-as-you-need) pricing, eliminating a need for hefty upfront financing. Depending on who’s trying to sell what, it’s easy to play with the numbers—and leave the customer’s head spinning!

Before you turn to the Cloud simply because “Cloud looks cheaper,” don’t forget to read the fine print.

As we talked about in our Desktop-as-a-Service (DaaS) series last August, the flexibility of the Cloud can be tempered by vendors’ hidden charges, such as software license fees, shifting between “service tiers,” locking customers into a minimum number of desktops, or other unfavorable contract terms. Service that looked competitively priced at the beginning can look less attractive as costs creep upward.

A Top-Down Approach

Instead of basing these decisions on the bottom line, look at them from the top down. Which IT functions would be better served via the Cloud? Many companies begin with transitioning their email system from onsite servers to Cloud-based email, because the vendor becomes contractually responsible for keeping the system up and running 24/7 (when email goes down, so does your whole company!). The vendor also assumes the required day-to-day maintenance of upgrades, add-ons, and security patches, which matters because, as we know, email is the primary gateway for hackers and malware.

We anticipate a future where most small businesses will rely on the convenience of the Cloud, simply networking each desktop into a single modular connection to an outside provider. Our point today is that transitioning to the Cloud involves a strategy for determining the logistics—what, where, how, and why. If you’d like some advice on crafting a successful Cloud strategy for your company, contact us.

Ransomware Is Getting Even Worse… and The Feds Can’t Stop It

Thursday, January 21st, 2016


As chaos reigns across much of the Middle East, our government steadfastly insists that “the United States does not negotiate with terrorists—because it will only encourage them in the future.” Meanwhile, visitors to our National Parks are warned never to feed bears and other wildlife—because those hungry bears may come to demand their next meal from campers!

Yet if cyber-gangsters in Eastern Europe hijack an American company’s data with an encryption virus before charging a hefty ransom to remove it, our same government recommends to “go ahead and pay them.” What’s going on here?

“Don’t Say We Didn’t Warn You…”

Over two years ago, we first talked about CryptoLocker and other ransomware—probably the most dangerous cyber-threat to businesses today.

This isn’t just another “nuisance” cooked up by a hacker in his dorm room. International organized crime syndicates have used sophisticated ransomware schemes to extort removal fees—typically between $200 and $10,000, paid in untraceable Bitcoin—from companies in the U.S. and around the world.

The newest strain of ransomware to be spotted “in the wild” is CryptoWall 4. Spread via email attachments and malicious websites, CryptoWall 4 is a “double-whammy”—not only encrypting vital hard drive data, but also scrambling filenames, making it impossible to tell which files have actually been infected.

It’s been determined that CryptoWall’s source is inside Russia—the malware is cleverly designed to ignore computers using Cyrillic-Russian keyboard language (Russian authorities are quick to prosecute Russian-on-Russian cybercrime, while the rest of the world is apparently “fair game”). Previous versions of CryptoWall alone have already robbed victims of an estimated $325 million—in Bitcoin ransom payments as well as lost productivity and residual costs (including legal fees).

Uncle Sam to Victims: Sorry We Can’t Help

What can our government do to bring justice to the victims of ransomware? As we’ve discussed, not much. Given our frosty relations with Vladimir Putin’s regime, Russian law enforcement is in no hurry to cooperate. At October’s Cyber Security Summit in Boston, Joseph Bonavolonta, Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program, confessed: “The ransomware is that good… to be honest, we often advise people to just pay the ransom.”

In other words, imagine being robbed at gunpoint on a busy street corner in broad daylight—while the cops watch and shrug. Yes, it’s that scary.

How Can You Protect Yourself?

  • Bitdefender is offering a free downloadable CryptoWall 4 “vaccine” to prevent infection.
  • Ensure all your PCs are always fully updated (Windows, anti-virus, firewalls, browsers) with the latest security patches.
  • Enable pop-up blockers on all browsers, and disable plugins from running automatically.
  • Back up all your data, all the time. Consider backing up the backups.

For more ideas on how to protect your company from ransomware and other emerging threats, contact us.

Standing Desks: Could They Improve Your Workplace?

Tuesday, January 12th, 2016


It’s been talked about everywhere from the New York Times to Men’s Health and Women’s Health: Sitting at a desk all day may be dangerously unhealthy.

Medical studies conducted around the world support the same conclusion: When a human body remains seated and inactive, it quickly enters its own “power-saving mode”—not unlike the computer you’re using right now. The internal processes that burn calories and break down fat slow to a crawl. Over a full workday, the body’s overall “fat burning” functions can shrink to as much as half the normal rate. That raises the long-term risks of obesity, diabetes, and heart disease, while pressure points on the spine can lead to other issues—from poor posture to lingering back pain. Prolonged sitting may even slow chemical circulation in the brain, affecting mood.

In today’s breakneck pace of Bay Area business, how many of your employees stay seated in their cubicles from 9 to 5—or longer? Do they skip meals and work through what was once generally considered “lunch hour”—hardly even getting up to stretch their legs? Will their productivity eventually be threatened by what researchers have dubbed sitting disease?

There may be a simple solution.

Stand and Deliver

More and more office workers—including employees of Silicon Valley heavyweights Google and Facebook—are experiencing multiple health benefits from standing desks. A Canadian study of standing desk users published earlier this year in Preventative Medicine revealed:

  • An average physiological increase of 8 heartbeats per minute (even higher for a treadmill desk!)
  • Higher HDL (“good”) cholesterol—and less (“bad”) LDL.
  • Reduced fatigue, tension, confusion, and depression—with more energy and focus.

Best of Both Worlds?

A standing desk may take some getting used to. Some users report a physical “break-in” period—like the soreness from a new workout routine. While many come to prefer standing, doctors advise that standing all day and sitting all day both carry potential health risks, and recommend alternating between the two. That could mean using height-adjustable desks (an online search will display plenty on the market, at varying price points) or using one or more “community” standing workstations, which employees can try for themselves and use whenever they’d like a change of pace.

The good news here is that simple “toggling” between different onsite workstations is another perfect application for Desktop-as-a-Service (DaaS). Instead of unplugging and re-plugging a laptop—or being left “anchored” by an immobile desktop PC—the user can simply log in from either endpoint, with full functionality (files, apps, email, conferencing, and more) hosted in the Cloud.

If your company has an in-house ergonomic specialist, run this idea by them… then talk with us about making it work.

Fake Phishing: The Ultimate Security Training?

Tuesday, January 5th, 2016


What is the current state of your company’s IT security training program—if you have one? Many companies settle for an annual group training session to broadly review the major types of cyber-threats—viruses, malware, and phishing.

The problem with once-a-year “standardized” training is that once employees go through it the first time, they may not fully pay attention in the future, thinking they’ve “heard it all before.” That’s when they’re most vulnerable.

“It Won’t Happen To Me”—Until It Does

Recently, a friend of ours—who normally prides himself on being “smarter than the average bear” when it comes to computer hygiene—confessed he finally got duped into downloading malware directly to his desktop PC. He tried updating to the latest version of CCleaner, a popular, trusted freeware utility which removes temporary files, cookies, and other unwanted clutter from a hard drive. But the page he was directed to had two different “Download” buttons… and he clicked the wrong one. After ignoring dire warning screens from his anti-virus program (“It’s only CCleaner,” he reasoned), he discovered he’d actually just downloaded several unfamiliar programs, masquerading as system processes in his Windows “Task Manager.”

The first consequence: an uncloseable pop-up window requesting payment to remove multiple “detected threats” (which he of course declined to pay). Fortunately, he immediately deleted all the “scamware”—via several malware-removal apps—before hackers could unleash more havoc. He was reminded to stay reasonably skeptical of almost everything online—and to never again let his guard down.

Time For Some “Tough Love”?

You can warn someone of looming cyber-dangers until they’re tired of hearing it… but sometimes the best education is simply “learning the hard way.”

A handful of security contractors are helping companies actually test their employees by providing fake phishing emails—which mimic the sophisticated tactics of genuine scams (offering bogus apps, phony “updates,” and more). When an employee clicks on a deceptive link, they’re quickly informed they’ve dodged a bullet:

“Oops! You’ve just fallen for a fake phishing email test. Luckily, your computer remains unharmed for now, but keep in mind this is how hackers regularly trick victims into compromising network security…”

One strong proponent of fake phishing is the Department of Homeland Security—which recommends that federal employees who repeatedly fail such tests have their security clearances revoked.

The point of fake phishing tests isn’t to anger or shame employees who unwittingly take the bait. The goal is to prove that cyber-threats are definitely real, and they should take security very seriously. Nobody wants to be the real victim.

For management, the overall “conversion rate” of a fake phishing test is a true metric of an IT security training program. If too many employees allow themselves to be conned by a simulated phishing scam, their existing training isn’t working.

For more ways to boost security measures within your business, get in touch with a local MSP.