How good is your company’s cyber security? We at Small Business Intelligence have urged and offered services to businesses to upgrade their data and cyber security systems to protect themselves and their customers. Now, New York has passed regulations that require adequate standards. Those who provide services in any financial industry come under these new regulations, overseen by the NY Department of Financial Services. The bill is called 23 NYCRR 500, and requires the information systems of every “covered entity,” such as insurance agencies, financial advisers, banks, etc., to meet certain minimum specifications. The following is a partial list of the new requirements:

 

  • Generate an annual cyber security report
  • Execute annual penetration testing
  • Execute bi-annual risk assessments
  • Implement an audit trail to track breaches
  • Create and implement a 5-year data retention policy
  • Evaluate custom applications yearly
  • Implement two-factor authentication for all remote access
  • Create policies based on new risks as they are discovered
  • Train all employees quarterly about cyber security and emerging threats
  • Encrypt all non-public data (not just sensitive data) on computers and during transit (email, file sharing, etc.)
  • Notify Superintendent of breaches within 72 hours
  • Certify to the Superintendent annually that information systems meet the requirements.

 

Can you do all this yourself? Probably not. Most likely, you need to hire an outside consulting firm to help meet the required standards.

Small Business Intelligence has worked diligently to understand every nuance of this new law and we are ready to provide our customers with a comprehensive plan to meet these requirements. Every service from software patching to employee training is included.

What does this mean if you are not part of the financial industry? Nothing yet, but will New York State stop there? It is likely that these regulations are also coming to other industries, such as law offices, and accounting firms. Start now to secure your future.

Don’t risk your livelihood or your customers’ data! Let us help.

For a free analysis of your company’s cyber security, give us a call at (585) 360-2572.

I recently had a customer who went to Israel to visit family. While he was there, his Google Calendar, contacts, and Gmail stopped syncing with his Samsung Galaxy Note 5. He assumed it would get better when he got back to the States, but it didn’t. He spent hours on the phone with Verizon Wireless tech support, then with Google support, then in the Verizon Wireless store. None of them could offer him a solution. I attempted removing the account and adding it again, and clearing the data and cache for Gmail, Contacts, Calendar, and Google Play services. None of that changed anything.

Eventually I asked him when it began, and he told me the day it started happening. I looked through his emails from that day on the Gmail website, and found a couple of emails from his airline in Israel with attachments that had some text in Hebrew. I deleted those emails, and the sync completed successfully.

If you have trouble with Google sync, check your emails for anything with special characters or other languages.

One of my customers recently switched from having their hosting company manage their servers to having me manage them. On one hand, the hosting company will have a deep knowledge of their ecosystem, but on the other hand they have somewhat of a conflict of interest. They work for the company that sells you the hosting service. Sometimes you need to upgrade your hosting plan, and sometimes they are just upselling you because that’s their job.

If you have a problem with a server using a lot of bandwidth, is it really in their best interest to figure out why? Or is it best for them if you use more bandwidth? If they charge for bandwidth usage, they have a conflict. You might not even know it’s a problem, and if they don’t say anything, then they make more money. You may have some problem eating up resources on your server, slowing it down. Upgrading to a bigger server may fix the symptoms, and again they make more money, but it doesn’t fix the underlying problem.

If you hire an outside company that isn’t selling you those services, they don’t want you to pay this hosting company more money. Their job is to make you happy by lowering your hosting bill and making it work the right way.

I get this question more lately than ever before, even though people don’t realize it.

These days, whenever you get new software, the company will probably offer two different ways to buy: a one-time price, like we have traditionally always bought software, or a subscription billed monthly or yearly.

Your first thought might be, why would I want to pay every month for something I have the ability to buy outright? And in some ways you’d be right. For instance, if you need Microsoft Office Home and Student for 1 computer, you can get it on Amazon for about $100 (http://amzn.to/1ISPYKv). However, that doesn’t include Outlook, which many business users use. For that version you need Home and Business, which is about $175 (http://amzn.to/1mmkXVl).

The other issue with buying outright is that it’s a license for just one computer. If you have a laptop, a Windows tablet, etc., those are not covered. Then you are talking about $175 per device, to cover the life of the device. So if you have 5 devices, that’s $875 in Microsoft Office licenses alone. Most business users replace their computers every 3 years, which means a cost of $291.66 a year.

That’s why they offer Office as a subscription. You can get a subscription for between $10-$15 a month that covers up to 5 devices. That comes out to $180 or less a year rather than $291 a year in software, and you get the added benefit of automatically receiving updates to the newest version when they come out, and being able to move the subscription to a new computer when you get one.

Microsoft isn’t the only company that offers software this way. Adobe offers their software as a service, as do many others. So next time you look into upgrading your software, check into whether or not they offer it as a service, because it can save you money.

Why you should worry about your employees’ phones

These days we all have smart phones. They help us navigate our day, and get our work done. I don’t know about you, but I don’t think I could live without my phone any more.

What happens when that phone is lost or stolen? You have your company email on there, maybe important documents, sometimes even company secrets or customers’ information. That stuff cannot end up in the wrong hands. That is the problem behind today’s bring-your-own-device world. Companies cannot be sure that you are only working on secure devices that meet their standards and that they have enough control over. Or can they?

With managed mobile services, they can. You make it part of your company’s policy that all mobile devices used for work must have a managed mobile app installed. This lets you locate, wipe, or control your lost or stolen device and keep the information out of the wrong hands.

For companies that offer their employees mobile devices like smart phones or tablets you can do even more.  If you give your employee a phone for work use, you can see what they are doing on the device. You can see which apps they install, who and what they are texting, who they are calling, and where they are taking the device.

I get this question a lot from customers when their hard drive fails, and they want to know what the clicking sound is. I made this video to explain a few years ago, and it’s up to almost 150,000 hits on YouTube. So obviously people want to know.

Hopefully that explains at least a little. If you heard this noise coming from your computer, it’s time to bring it in.

For some businesses, a couple of hours of downtime can be a problem. It can cost hundreds in lost revenue, or make your customers unhappy. However, those businesses don’t need to spend tens of thousands of dollars to make sure their computer systems keep working. A client like that may need redundant internet connections, a server with redundant hard drives, and maybe an online backup solution.

But what if being down for an hour loses you tens or hundreds of thousands of dollars? Some companies pay millions for multiple data centers, each having multiple electricity connections, multiple internet connections, and multiple backups to support multiple redundant servers with redundant hard drives, CPUs, memory, and even power supplies. All that to stretch out the number of 9’s at the end of 99.999% uptime.

If your company doesn’t have millions of dollars to spend on I.T., you can still get pretty close to the uptime of the big companies. A few ways to do this are:

Virtualize servers in a “public” cloud - You can harness the power of these millions of dollars that cloud computing companies are spending on their data centers, and “rent” space and processing power from them. However, not all servers can be off site in the cloud, and having some servers off site means you need a faster internet connection to connect to the server.

Build your own cloud - When the data you have is too important to upload over the internet, you might want to build your own cloud. This is more expensive, and less redundant than having your servers hosted in a public cloud, but you get the peace of mind that you know exactly where your data is.

Use a hybrid backup solution - You may want to keep your current servers in place since you already paid for them, and they work. The question is for how long? Computers break. That’s why I have a job. So with a hybrid backup solution you can back your server up, and if it fails you can use the backup to run a virtual copy of your server. This solution is less expensive than building your own cloud, and can be very similar in cost to hosting your servers in a public cloud.

No matter what size your business is, or how much you need to spend to make sure things keep running, there is a solution for you.

Windows Server 2003 has been good to us. It has served up our files, websites, terminal sessions, etc. for many years now. That is all coming to an end for most businesses. Windows Server 2003 is reaching end of support on July 14th 2015 (http://www.microsoftbusinesshub.com/windows-server-2003-EOS-migration-registration). That means no more security updates patching security flaws. This could leave your business at risk and open to hackers.

Having antivirus, firewalls, and other security software can help minimize some risks, but when it comes to security flaws in the operating system you really need to have them patched. If your company has any stored information about your customers you have the obligation to keep that information private, and a breach can be blamed on you. It is not worth the risk to keep these old servers around.

If you still have a Windows Server 2003 based server in your business, you should make a plan to replace it before July 14th. If you switch to a new server with Windows Server 2012, it will be supported until January 2023 (https://support.microsoft.com/en-us/lifecycle/search/default.aspx?sort=PN&alpha=windows%20server&Filter=FilterNO).

Problem: I rent a server that doesn’t allow you to use bridged mode with virtual machines due to port security which only allows one MAC address to connect to their switch. Normally, you would just use bridged mode, and assign a VM the external IP address you get from your ISP, but that won’t work here. I was told I needed to use NAT to connect my VMs to the internet.

VirtualBox supports NAT mode, but then you have to set up port forwarding for any services you need to use. This can be an issue, especially for services like FTP, which in passive mode needs port 21 for login and control, and a port range for the data channels. Most FTP services allow you to assign a range of ports to use, so you can forward them, but VirtualBox doesn’t support port range forwarding, so you have to forward each port individually. A much easier way to deal with a situation like this is to use 1:1 NAT, also known as basic NAT or 1 to 1 NAT, but VirtualBox doesn’t support that either.

Solution: VirtualBox does support a networking mode called host-only networking. This basically acts as a virtual switch that is connected to a virtual NIC on your computer. So if you set up Windows Server for NAT, you can use Windows Server’s 1:1 NAT abilities. Here’s how.

1. Set the VM to use host-only networking in the VirtualBox interface, then set a static IP address in your VM in the 192.168.56.2-254 range. Setting a static IP address can vary from one host to another, so I won’t go into that.

2. In Server Manager, choose Add Roles and Features.

3. Check Remote Access.

4. Check Routing.

5. Open Routing and Remote Access, right-click on your server, and choose Configure and Enable Routing and Remote Access.

6. Choose Network address translation (NAT).

7. Choose your NIC attached to the external network.

8. Choose to set up DNS and DHCP later.

9. Once it finishes setting up RRAS, expand IPv4 and click on NAT, then double-click Ethernet.

10. Under the Address Pool tab, click Add, and add your IP address pool given to you by your ISP or hosting provider.

11. Click Reservations, then Add, and input the external address you want to map to your VM and the static IP address you gave it in the first step, and check Allow incoming sessions to this address.

12. Then just hit OK until you get back to Routing and Remote Access, and you should be all set! Your static, external IP address now maps to your VM’s internal address, and any services that your VM’s firewall or security software aren’t blocking can be accessed from that IP address.
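Because the reservation in step 11 allows incoming sessions on every port, the VM's own firewall is the only filter in front of its services. The sketch below is an added example, not part of the original post: it lists the TCP ports inside the VM that the mapping reaches and flags those outside an intended set. The VM address, the FTP passive range 50000-50010 and the sample `netstat -an` output are assumptions constructed for illustration.

```python
# Assumptions for illustration (not from the original post): the VM's static
# host-only address and the ports meant to be public through the 1:1 mapping.
VM_IP = "192.168.56.10"
ALLOWED_PORTS = {21} | set(range(50000, 50011))  # FTP control + passive range
WILDCARDS = {"0.0.0.0", "::", "*"}               # sockets bound to every address

# Constructed sample of `netstat -an` output taken inside the VM.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:50003          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING
  TCP    192.168.56.10:139      0.0.0.0:0              LISTENING
  TCP    192.168.56.10:49712    203.0.113.7:443        ESTABLISHED
  TCP    [::]:80                [::]:0                 LISTENING
  TCP    [::1]:8080             [::]:0                 LISTENING
"""


def exposed_listeners(netstat_text, vm_ip=VM_IP):
    """Return sorted TCP ports listening on an address the NAT mapping reaches."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or not fields[0].lower().startswith("tcp"):
            continue
        if not {"LISTEN", "LISTENING"} & set(fields):
            continue
        # The local socket is the first addr:port field (column 2 on Windows,
        # column 4 in Linux netstat output).
        local = next((f for f in fields[1:] if ":" in f), "")
        addr, _, port = local.rpartition(":")
        addr = addr.strip("[]")
        # Loopback-only listeners are not reachable through the mapping; an
        # IPv6 wildcard is counted because dual-stack sockets may accept IPv4.
        if port.isdigit() and (addr in WILDCARDS or addr == vm_ip):
            ports.add(int(port))
    return sorted(ports)


def unintended_exposure(netstat_text, allowed=ALLOWED_PORTS, vm_ip=VM_IP):
    """Ports reachable from the external IP that are not on the intended list."""
    return [p for p in exposed_listeners(netstat_text, vm_ip) if p not in allowed]


if __name__ == "__main__":
    for port in unintended_exposure(SAMPLE_NETSTAT):
        print(f"port {port}: listening and exposed unless the VM firewall blocks it")
```

Each flagged port needs either a firewall rule inside the VM or the service stopped or rebound to loopback.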

 

This is not how you want your corporate traffic to look


When you pay your employees, I bet you don’t like the thought of paying them to socialize with friends on Facebook. How about paying for the devices and bandwidth they use to socialize? That doesn’t sound like something I’d want either.

The good news is you don’t have to. Content filtering at different levels is a very achievable goal. A proxy can be used to block social media traffic at the network level, and web filtering can be used to block it at the application level. Together you can almost eliminate any unwanted internet use.

Of course, it doesn’t have to end at social media. Web filtering can keep your employees from infecting computers, shopping online on company time, or even keep them from causing HR issues with other workers.