alt tag

Posts Tagged ‘solution’


Network-Attached Storage: Data Backup and Transfer Options for Small Businesses

Thursday, March 9th, 2017

upload-2013228_640

Network-Attached Storage (NAS) servers are a great asset for small businesses managing data. For the uninitiated, NAS is essentially a streamlined server designed specifically for sharing files between devices.

Because of their simplified nature, NAS devices are typically easier to use and substantially more cost-effective than full-fledged servers.

While most NAS solutions are space-efficient standalone server boxes, some higher-end routers can also be used as NAS devices by attaching an external hard drive. If your office is looking to increase productivity and improve disaster recovery, NAS may be worth its weight in gold.

Easy-to-Use Data Storage

NAS devices work as an inexpensive, easy-to-use data storage option for your business. These devices are so simple to configure that your office doesn’t even need to have a local IT staff to use them. Once configured, accessing the storage can be as simple as using Explorer or Finder as you would with any internal storage device.

Practical Backup and Recovery

In their most practical form, NAS devices can be used as a backup and disaster recovery option for office computers. This way, if a computer hard drive fails or a laptop gets destroyed, your staff can recover recent versions of important documents and files.

However, NAS does not replace the need for Cloud or off-site backups for vital information. An office fire, for example, would wipe out desktop computers and the NAS. Combining both NAS and Cloud backup processes gives your business the best level of protection from data loss.

Faster Information Sharing

NAS is also a viable business continuity option as it does not require Internet connectivity to work. Employees who use multiple devices, such as a laptop, desktop, and tablet, can use the NAS to access the same files from any deviceThese data servers are also excellent for employees collaborating on the same files; gone is the need to use email or Cloud storage to sync or send updates.

Cost-Effective Hardware Comes at a Price

NAS devices aren’t as sophisticated as traditional servers. Designed only to focus on sending and receiving data, they offer substantially less processing power. You won’t be able to use a NAS device to run an email server, for example, or to run any server-based applications. For these, you’ll need to look into server management solutions.

Because of this trade-off, however, NAS devices cost a fraction of the price of a dedicated server. Moreover, your business doesn’t need to worry about wasting money buying too much or too little storage because you can install additional hard drives in the NAS device as needed.

Security Issues

As mentioned above, NAS servers should not be used as a replacement for an off-site, Cloud-based backup. IT professionals often recommend storing important data in at least three locations: two “on-site,” which includes the computer and the NAS, and one “off-site,” like a Cloud service. Additionally, if your business is using NAS storage, you’ll want to make sure it is only visible to authorized individuals. Security in this case could include something as simple as password-protecting the Wi-Fi.

Use our wealth of knowledge at MPA Networks to your advantage to meet your business’s server and storage needs. Contact us today.

Boost Productivity and Security with Google’s Cloud Applications

Wednesday, January 11th, 2017

Afficher l'image d'origine

For anyone unfamiliar with the Google Applications platform, Google Docs et al. are a Cloud-based spin on mainstay office suite programs that can help your staff work better together.

With a zero-dollar price tag (compared with Microsoft Office’s hefty annual subscription fees) and the potential to boost both productivity and IT security, Google Docs shines as a collaboration tool.

For many types of projects that require teamwork, Google Docs streamlines solutions to the most challenging continuity and security issues inherent in transferring multiple versions of the same file between staff members.

About Google Docs

Google’s DocsSheets, and Slides applications offer many of the same features as Microsoft’s Word, Excel, and PowerPoint, respectively. As browser-based applications, however, they are platform-agnostic, and will work across any device that runs a compatible web browser.

According to CNET, Google Docs does not compete with Microsoft Office feature-for-feature, but instead tries to emphasize the features that are most useful for the typical user. These applications can function in conjunction with existing office suite programs or, depending on your preferences, as a standalone service.

Productivity Perks

Google Docs, Sheets, and Slides offer incredible continuity perks that facilitate collaboration in a huge way. Employees share access to files on Google’s applications through a Cloud-based storage platform called Google Drive, where the files update automatically every few seconds to ensure that everyone accessing them sees the latest version. This makes it easy to edit a document before sending it to a client, or use a spreadsheet as a checklist to keep track of progress on a project in real-time.

The Google application suite eliminates scenarios such as accidentally grabbing an old version of a document/spreadsheet and wasting time merging two sets of content into one file. As a bonus, Google’s web apps free up IT staff to work on other projects because they no longer need to spend time implementing Microsoft Office on employee devices.

IT Security Perks

Google’s range of tools offers several benefits from an IT security standpoint. Cloud-based systems like Google Docs reduce the need for employees to transfer files via email, minimizing the risk of spreading phishing links and viruses. And while it may not be the best option for storing confidential information or files, the platform-agnostic nature of Google Docs allows for easy access to shared files on a wide range of device types, including Windows PCs, Macs, Linux PCs, Chromebooks, iOS devices, and Android devices. This flexibility allows IT teams to take advantage of more secure platforms and limit the device pools that could spread malware. 

If you’re looking to increase workplace productivity and security, the IT consulting experts at MPA Networks are ready to help. Contact us today to get started.

Troubleshooting Step 1: Reboot

Wednesday, October 12th, 2016

button-161555_640

While modern computers are much more stable than their ancestors, trying to get work done on a slow, malfunctioning computer is still a business world rite of passage. Troubleshooting bad behavior on your work computer can, of course, be a tedious process—so wouldn’t it be nice if there was one magic button that could solve around 90 percent of your IT problems?

Good news: There is! It’s called the restart button, and your computer already has one.

We know you’re probably not excited to close every open window and application each time something goes wrong, but the truth is that restarting or rebooting resolves the vast majority of performance problems.

Here’s the how and the why:

Rebooting: Always the First Step

Whenever there’s a problem, try rebooting your computer before anything else. Face it: You’re better off not leaving this as a last resort, since your IT support is going to recommend it as soon as you call. What you’ll find is that, more often than not, a simple reboot solves the problem.

Consider the alternative: Your IT staff could spend hours digging in to an isolated problem that’s causing your computer to malfunction—hours of lost productivity, all to gain insight into an issue that may never come up again. Instead, take a shortcut and simply restart.

Why Rebooting Works

According to consumer technology expert Kim Komando, rebooting helps resolve computer issues because it allows the system to start from scratch and reset active glitches that have built up during program use. She describes it like the computer losing its “train of thought” while running software. Rebooting, then, lets the device return to a known functional state.

This makes regular reboots a great way to increase (or, at the very least, maintain) productivity. The more opportunities you give your computer to start fresh, the less time you’ll spend waiting for programs to load—and to recover after a crash.

Not Just for Computers

Restarting your device isn’t just “one of the most powerful methods for troubleshooting” computers; this method works for all electronics. Smartphones and tablets benefit from a reboot just as much as laptops and desktops. Handheld devices are just as likely to experience problems with background apps stealing resources from active apps, for example—but these issues don’t always manifest in obvious ways. Network hardware like routers, Wi-Fi access points, and modems can gradually slow down over time as they encounter problems. Restarting these devices occasionally is a good place to start in finding a solution.

While rebooting resolves a massive share of potential hardware problems, that other 10 percent requires substantially more IT expertise. Whether your business is looking for IT consulting or a managed service provider to help with troubleshooting, contact the experts at MPA Networks today to help keep your office running smoothly.

Defend Your Network Against Advanced Persistent Threats

Tuesday, July 12th, 2016

computer-1500929_640

If you’ve looked over our previous posts since we’ve started our blog, you know how serious we are about protecting your company from everyday cyber-threats—mainly phishingransomware, and various other malware. Today we’d like to discuss a different form of cyber-threat plaguing businesses over the past decade: what the security community has termed advanced persistent threats, or APT.

What exactly is “persistent” about APT? Most hacking attacks can be classified as “smash-and-grab robbery”: Break into a network and make off with anything of value—user identities, account numbers, cash—and disappear before anyone notices.

An APT attack compromises a network’s defenses and stays as long as possibleweeks, months, or years—discreetly infiltrating servers, eavesdropping on email, or discreetly installing remote bots or trojans which enable deeper espionage.

Their primary goal is information—classified material, trade secrets, or intellectual property—that might draw interest on the black market.

Robbery, Inc.: A Worldwide Enterprise

While unsophisticated hackers might lurk in the shadows like criminal gangs, APTs often emanate from professional environments not unlike a prosperous Bay Area tech company—posh high-rise offices, full-time employees with salaries and benefits, and formal product development teams. The difference is they’re conducting business in China, Russia, and other cyber sanctuary nations where international cybersecurity is unenforced and intellectual property laws don’t exist.

The more extensive an APT infection, the harder it is to isolate and eradicate it—like cockroaches under a kitchen sink. Many enterprise IT managers simply accept APT as a fact of life—conceding that trying to combat these intrusions would actually encourage the culprits to dig deeper into the network.

So if APT makes long-term data theft inevitable, how can you still protect yourself? Make the stolen data unusable.

Alphabet Soup? Fight APT with DLP

The second acronym we’ll talk about today is DLP: data leak protection. DLP encrypts sensitive data so that it can only be accessed by authorized users or workstations with a corresponding decryption key. If that data is intercepted by an APT, it’s rendered unreadable—and worthless.

Multiple name-brand security vendors offer a wide range of turnkey DLP solutions. Low-end products will automatically encrypt data which follows specific patterns (Social Security numbers, 16-digit credit cards), while high-end products can be configured to use complex algorithms and language analytics to locate and protect other specific forms of confidential data (such as client files, product designs, or sales figures). When unauthorized access is suspected, files can be temporarily quarantined against a possible data breach before they leave the company network.

Are APTs already lurking within your network? What proprietary data can your business not afford to lose? How can you evaluate DLP products to find the best solution for you? Talk to us for help.

The Death (and Second Life) of a Replaced Business Smartphone

Wednesday, March 2nd, 2016

ios-1091302_640

When it’s time to upgrade employee smartphones, your business needs to worry about backing up data, clearing the memory, and figuring out the best way to get rid of the old devices. According to Business Insider, the average smartphone upgrade cycle reached 22 months in 2012. This time frame could continue to increase as carriers drop subsidized plans.

With such a brief window of use, it’s likely your business will end up with a stockpile of functional but unused devices.

Those old phones may still have some life in them—and you may want to consider repurposing them instead of dumping them in an electronics recycling bin.

Backing It Up and Clearing Your Data

Regardless of what’s going to happen to the smartphone, your first task is wiping the data off of it. This usually means backing up all the information on the device and performing a factory reset to erase any confidential information. Android phones can back up data a few ways: via Google’s Cloud, backup applications, and connecting to a computer to manually copy data. iPhones, on the other hand, can rely on the iCloud backup process.

Once you’re backed up, remove any SIM and microSD cards the phone supports, and then run a factory reset to clear any and all data. CNET recommends connecting the wiped phone to a dummy account and wiping the device a second time to further protect your information.

Repurposing Old Smartphones

Your business can extract some extra value by giving old devices a second life. Keeping an older device or two around the office in a shared area as a social media access point is a great way to provide content for your company’s social media accounts. If your company is doing something newsworthy that your audience would be interested, snap a photo of it on the phone and post it to Facebook and Twitter. Employees can also use the device to respond to questions posed on those social media accounts.

Smartphones can break fairly easily. A new device can easily run $400 to $700, while replacement plans on devices can get pretty expensive. Be your own device replacement insurance policy, and consider keeping a few of the two-year-old phones around to replace lost or damaged devices to hold employees over until the smartphone can be properly replaced. While using a two-year-old phone lacks the “new and shiny” feeling, it’s more manageable than a shattered screen. The software and hardware on the slightly older device may not be cutting-edge, but it’s probably far from obsolete.

Alternatively, there’s a second-hand market for smartphones to replace broken devices and avoid paying a premium on new devices.

With a little effort, a smaller business can resell the unused devices on sites like eBay to recoup some of the value to put towards replacements. If your business doesn’t want to repurpose the phone internally, Mashable recommends donating the device to the troops, domestic violence victims, or another charity like the One Fund for Boston Marathon tragedy victims.

Questions? Get in touch with your local MSP.

Fake Phishing: The Ultimate Security Training?

Tuesday, January 5th, 2016

no-entry-909933_640

What is the current state of your company’s IT security training program—if you have one? Many companies settle for an annual group training session to broadly review the major types of cyber-threats—viruses, malware, and phishing.

The problem with once-a-year “standardized” training is that once employees go through it the first time, they may not fully pay attention in the future, thinking they’ve “heard it all before.” That’s when they’re most vulnerable.

“It Won’t Happen To Me”—Until It Does

Recently, a friend of ours—who normally prides himself on being “smarter than the average bear” when it comes to computer hygiene—confessed he finally got duped into downloading malware directly to his desktop PC. He tried updating to the latest version of CCleaner, a popular, trusted freeware utility which removes temporary files, cookies, and other unwanted clutter from a hard drive. But the page he was directed to had two different “Download” buttons… and he clicked the wrong one. After ignoring dire warning screens from his anti-virus program (“It’s only CCleaner,” he reasoned), he discovered he’d actually just downloaded several unfamiliar programs, masquerading as system processes in his Windows “Task Manager.”

The first consequence: an uncloseable pop-up window requesting payment to remove multiple “detected threats” (which he of course declined to pay). Fortunately, he immediately deleted all the “scamware”—via several malware-removal apps—before hackers could unleash more havoc. He was reminded to stay reasonably skeptical of almost everything online—and to never again let his guard down.

Time For Some “Tough Love”?

You can warn someone of looming cyber-dangers until they’re tired of hearing it… but sometimes the best education is simply “learning the hard way.”

A handful of security contractors are helping companies actually test their employees by providing fake phishing emails—which mimic the sophisticated tactics of genuine scams (offering bogus apps, phony “updates,” and more). When they click on a deceptive link, they’re quickly informed they’ve dodged a bullet:

“Oops! You’ve just fallen for a fake phishing email test. Luckily, your computer remains unharmed for now, but keep in mind this is how hackers regularly trick victims into compromising network security…”

One strong proponent of fake phishing is the Department of Homeland Security—which recommends federal employees who repeatedly fail such tests should have their security clearances revoked.

The point of fake phishing tests isn’t to anger or shame employees who unwittingly take the bait. The goal is to prove that cyber-threats are definitely real, and they should take security very seriously. Nobody wants to be the real victim.

For management, the overall “conversion rate” of a fake phishing test is a true metric of an IT security training program. If too many employees allow themselves to be conned by a simulated phishing scam, their existing training isn’t working.

For more ways to boost security measures within your business, get in touch with a local MSP.

Mobile Security Exploits: Surviving the BYOD Environment

Thursday, November 19th, 2015

telephone-586266_640

IT professionals are more concerned than ever about malicious software infections since smart mobile devices hit the mainstream. Many businesses have been relatively open to the idea of integrating smart devices into their workflow as a way to increase productivity. But news headlines have been quick to cover the many significant security exploits of the last few years. The most troubling part, perhaps, is the period of months or years that some of these security holes existed before anyone noticed.

BYOD, by nature, eliminates a level of control that IT departments are accustomed to having when protecting employee devices.

These devices often store saved passwords and even confidential company information—and, if compromised, can provoke an expensive disaster. Working with a managed service provider can help your business develop comprehensive best practices for mobile device security.

Stagefright

Android’s Stagefright is an example of an exploit affecting 900 million devices that can completely compromise security control. This particular hack uses Multimedia Messaging Service text messaging to upload malicious code and take over a device. A hacker that succeeds in controlling the device has access to everything on it—including confidential emails and financial accounts.

Google has put in the work to solve this issue, but it won’t do users any good unless they can install the patch. The three-tier Google to manufacturer to service provider patch approval and implementation process can delay updates for months.

You can confirm whether a specific device is vulnerable using one of the many Stagefright detector apps in the Play store, including this one by Lookout Mobile Security. If you find that your device is vulnerable to the hack, you can protect yourself by disabling MMS auto downloading in the Messaging app options. While it’s inconvenient to approve each MMS that comes through to your device, you can ignore messages from unrecognized numbers (which will make it very difficult to compromise the device).

Samsung SwiftKey

Samsung’s SwiftKey app implementation exploit also received substantial attention in the press over the 600 million vulnerable devices. This security hole allows a hacker to exploit the device update functionality within the SwiftKey app so they can upload custom firmware and take over. Samsung integrated the SwiftKey app into the phone’s software so it can’t be deleted to block the exploit. Samsung has updated their software to patch this hole—but, as with Stagefright, it is up to the carriers to push the update to impacted devices.

Fortunately, there’s an IT consulting tip that can minimize your exposure odds to the SwiftKey exploit: Do not update your device when connected to a public Wi-Fi network. The exploit actually requires that the hacker and the device be connected to the same compromised public Wi-Fi network to activate. Additionally, the device user would need to manually confirm that they want to apply the update for the hack to work, so simply refusing all updates while connected to public Wi-Fi at restaurants and stores will protect you.

iOS Exploits Exist

While Google’s Android operating system seems to take most of the heat for mobile device exploits, iOS devices don’t get off scot-free. In May 2015, hackers discovered a text message code that could be used to force iOS devices to crash and reboot when reading the message. Some devices were stuck in an annoying reboot loop. While not a security issue, this exploit could be a major productivity killer, rendering the device temporarily unusable. Apple was able to quickly patch this exploit, and updating the iOS device eliminated the issue.

Apple’s strict app approval process has done a fantastic job of keeping malware out of the App Store. However, in September 2015, hackers were able to sneak malware past the App Store approval process by supplying unsuspecting app developers with compromised code. Fortunately, Apple was able to identify and remove the affected apps before they became a widespread issue.

Working with an MSP is a great way to help protect your employees’ BYOD devices. In an ideal world, every device would be impervious to malicious attacks. But the next best option is to learn best practices to protect you from common attacks.

Email Encryption: The Basics

Thursday, November 12th, 2015

post-403145_640

Chances are you probably have a few USPS “forever” stamps that have been sitting in your desk drawer for a while. When was the last time you actually used them to “snail mail” something—a bill payment or an important letter? Most bills are paid online these days, and most of our day-to-day correspondence is done via email.

Remember postcards? When you were vacationing in some far-off locale—Europe, Hawaii, or Vegas—you probably bought a few picture postcards to send to friends and family back home. The postcard had space to write a short message. You tried not to write anything too personal on the postcard, because anyone could read it—from the postal carrier who delivered it to a stranger who might eventually find it in the trash.

Not so long ago, all email was a virtual postcard—unsecure and easily “eavesdropped” on by anyone who knew how to access it between points on a network, via a hacked username and password.

Encryption = Protection

How can email be shielded from “prying eyes”? The most effective method has proven to be encryption—essentially converting plain text messages (as well as file attachments) into mathematically-scrambled gobbledygook. Common forms of encryption revolve around digital certificates or “electronic keys” which encode messages from the sender and decode them at the recipient’s destination. This essentially upgrades the “postcard” to a sealed envelope, accessible only by the sender and recipients.

Commercially available email encryption solutions range from all-in-one hardware peripherals plugged into an email server which automatically encode and decode scrambled emails, to software applications, either downloaded in full or available as on-demand services. Most incorporate standard encryption protocols such as Transport Layer Security (TLS) or Secure Multipurpose Internet Mail Extensions (S/MIME).

What to Encrypt

Is encryption necessary for every business email? No. Only about 15% of commercial email is currently encrypted. While simple everyday correspondence doesn’t require encoding or decoding, advanced encryption is essential for confidential or proprietary data, including:

  • Legal documents
  • Medical records (as required by HIPAA)
  • Contact lists
  • Banking and billing records
  • Customers’ personally identifiable information (PII), including credit card and Social Security numbers

Email security begins with a clear policy regarding which specific information automatically requires email encryption.

The sheer number of encryption products on the market—from the “big names” to smaller vendors—is staggering. Planning, deploying and maintaining the most effective solution requires careful analysis of a company’s unique security needs.

How familiar are you with your current email encryption methods? Are you confident they’re the best defense against a costly data breach? Contact us for a free assessment.

Playing It Safe with Windows 10: Upgrading or Maintaining Your OS with Minimal Pain

Tuesday, October 27th, 2015

windows-831050_640

Now that the dust has settled around the release of Windows 10, your SMB may be looking to increase productivity by upgrading your OS. Still, you should proceed with caution.

The latest version of the operating system offers a more secure computing environment, better disaster recovery options, and an improved user interface that can optimize your operations. However, if it turns out that the software your business relies on doesn’t work with Windows 10, the downsides to an upgrade will quickly outweigh any upsides.  

Before diving in for a full upgrade, test the waters to ensure that:

A) Your existing software still works, or
B) There are compatible, convenient alternatives.

Identify Problematic Software

SMBs often have older software propping up the backbone of their business. Because that software is proven and reliable, dumping it isn’t a move to be taken lightly. Switching to an inferior but compatible product can kill productivity. An IT consulting service can help manage problems like decreased system performance and insufficient hardware to run the new OS by upgrading or replacing systems. If the software doesn’t work in Windows 10, there’s not much you can do to fix it.

It’s a good idea, then, to select one computer, upgrade it to Windows 10, and test all of your usual software before ordering a mass upgrade. Best case scenario, your software will work in Windows 10 as well as it did in the prior version.

If a program doesn’t want to start, there’s a tool at your disposal (included in Windows) that might save the day. “Compatibility Mode,” which can be accessed from the Properties menu located on the program launch icon, resolves many of the software conflicts that prevent older programs from running on newer platforms. You can select which version of Windows you want the computer to try to replicate to work around problems.

However, “Compatibility Mode” is not guaranteed to work—and if it doesn’t, your last option is running programs through virtualization (creating secondary instances of operating systems that run within the main one). Virtualization may work in a pinch for one-off situations, but running it on every computer is far from practical.

Find Compliant Replacements to Balance Security and Functionality

Sticking with older operating systems in favor of new ones becomes an increasing security risk over time, which can put any SMB in the difficult position of choosing a more functional or a more secure solution. A managed service provider can be an invaluable asset when finding software alternatives to replace programs that no longer work on modern operating systems. The OS turnover may provide a great opportunity to switch to a Cloud-based software alternative that’s platform-agnostic—and can put the “upgrade decision” to rest, permanently.

3 Incredible Benefits of Protecting Your Cloud Data with Two-Step Verification

Friday, October 16th, 2015

padlock-303616_640

Online security breaches can be expensive and productivity-killing events. When a nefarious third party acquires an employee password, it’s no party at all.

Many online businesses have begun using Two-Step Verification, also known as Two-Factor Authentication, to introduce an extra layer of protection against hackers and other cyber villains.

A number of juggernaut tech companies rely on some form of Two-Step Verification to store and exchange private information, including Apple, Google, Microsoft, Dropbox, Evernote, Yahoo, and PayPal. Two-Step Verification works by controlling which computers, tablets, phones, and other devices can access online accounts, requiring a user who’s logging on for the first time on a new device to enter an authorization key. Account owners assign a specific authentication key to each device—whether a cell phone or USB dongle key—which the user receives via text message, telephone call, or application. The key is time-sensitive, so any given key code only works for a short duration. If an account owner discovers a breach, all they need to do is sign on to the account with an already approved device and change the password.

Still wondering whether Two-Step Verification is right for you? Check out this list of benefits:

  1. Stolen Passwords Are Relatively Useless

If someone steals a password for an account that uses Two-Step Verification, that password is entirely useless unless the crook stole the authentication device as well, or has access to systems already approved for use. If they have the device but not the password, they’re also not getting through. In other words, the key and password are useless without each other.

  1. Control Which Machines Access Accounts

Two-Step Verification makes it so an account owner can choose which devices have access to confidential accounts. For example, a business may opt to enable access to specific devices for employees, but withhold the authentication key to prevent people from enabling access on unapproved devices. Alternatively, someone may opt to sync their workstation and personal laptop via the Cloud to work seamlessly between the two devices, but keep the laptop unauthenticated for confidential accounts because it poses a higher security risk. The workstation would act as an intermediary device in this case.

  1. Brute Force Hacks Fail

Brute force hacks systematically guess passwords and keys until they find the one that works. Since Two-Step Verification systems change the key after short intervals, brute force hacking procedures have to start from the beginning each time the interval elapses. The key is a moving target, which makes a brute force hack contingent on luck. The hack will almost certainly be identified and blocked before it cracks the code.

The downside? Two-Step Verification can be a bit tedious to configure. And because it prevents bad things from happening instead of making good things happen, it may feel like an unrewarded effort.

A managed service provider can help your business develop and implement a Two-Step Verification plan today. Two-Step Verification can streamline data sharing and increase productivity, saving you time and money by preventing security breaches over third-party platforms. Get in touch with a trusted local IT consulting service to protect what’s most important to your business.