Blog

June 20th, 2012

My heading might appear to be a strange statement to make considering I run an IT company.  But I stand by it.  Let me explain:  Many small businesses I come across are initially hesitant to meet with me or my staff.  “But we already have an IT guy”, they declare.  And indeed they do;  It’s the owner’s son-in-law, or the guy from the computer shop across the road, or an employee’s brother who is studying IT at university, or the guy they called once from the yellow-pages.

In any case, they’re making the assumption that my company wants to become their “IT guy” when in fact that’s not our intention at all.  We aren’t the “IT guy”.  The IT guy is the guy they call when a computer breaks, or when email isn’t working, or when they want to know how to stop those damn pop-ups.   But I’m here to tell you that the IT Guy is a dying breed.

As technology becomes more and more ubiquitous and it penetrates deeper within core and critical systems and processes throughout small businesses, you don’t want to be relying on your IT guy.  He’s usually a whiz on computers, but he’s not necessarily full bottle when it comes to business consulting.

You see, the line between technology consulting and management consulting is becoming increasingly blurred.  Technology underpins and provides the tools for so many critical business functions that companies like mine employ business experts to provide true ongoing business solutions and services that fundamentally improve our customer’s businesses.   And small businesses really must engage in a long term partnership with a technology company that understands their business , first and foremost, if they truly want to maintain a competitive edge and be innovative.

If you don’t have a partnership with a technology company that understands business you’re likely to be left behind in the wake of your competitors.   IT companies are changing their business models to a more consultative partnering approach, and most are dropping the old fashioned adhoc break/fix type support altogether.  So if you rely on your IT guy there will inevitably be one day soon he’s not available to assist you when you need urgent support, and you might just find yourself up a familiar creek with-out a paddle because you don’t have a strong partnership with an IT company.  I believe the number of IT companies willing to answer your call to provide adhoc support will reduce as their business models shift to managed services with long term clients who look to them for business improvement, not just IT support.

So if you only have an IT Guy, do yourself a favour and make a committment to have a meeting with an IT company and be sure to talk to them with an open mind about how they can help you be a better business.

You want your PC fixed ‘cause it’s broken? – call the IT guy.  You want to make an ongoing and long term improvement to the way you do business?  – call your technology partner :)

January 3rd, 2012

It doesn't matter how solid your security system is –any hacker or online thief can figure out a weak password in a couple of hours through trial and error. Don't risk being a victim of a security breach and data theft. Avoid these passwords that are especially easy to crack.

If you think using 'password' as your password is no big deal, then it's time to rethink.

Security experts have recently compiled a list of the worst passwords users can choose, and 'password' is at the very top of the list. Weak passwords make your information more vulnerable simply because hackers can guess them. It may be easier to pick a password that you don't have to think about, but it's a choice that you may come to regret.

To help you avoid common password choice mistakes that users make, management application provider SplashData has compiled a list of the 25 worst passwords to use:

  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. qazwsx
  24. michael
  25. football
Make a smart password choice Experts advise using a combination of letters and numbers when creating your passwords, and to avoid things that anyone might be able to guess, such as birthdays and anniversary dates. Passwords with eight characters or more are safer and it's best to use different passwords for different accounts and websites. Use a password manager to help you keep track of all of your passwords if you're finding it difficult to remember them all..

No matter how sophisticated your security system is, a weak password gives hackers and online thieves an advantage. Helping all the users in your organization understand the importance of password strength will help you secure the IT systems in your organization.

If you're interested in learning more, please contact us so we can develop a comprehensive and custom security blueprint that meets your specific needs.

Reference: Worst Internet Passwords

Published with permission from TechAdvisory.org. Source.

December 29th, 2011

In an unprecedented move against online fraudsters and hackers, the United States Federal Bureau of Investigation (FBI) and authorities in Estonia, aided by information from security firm Trend Micro, recently conducted a raid that brought down an enormous bot network made up of at least 4 million bots.

Four million is a big number which makes four million bots, in security terms, a staggering and frightening number as well.

It is a good thing, then, that four million is also the number of bots taken down in a recent bust by the United States Federal Bureau of Investigation, the Estonian Police, and security firm Trend Micro. Data centers in New York City, Chicago, and Estonia were raided by authorities, shutting down hundreds of servers used to create a network of bots that spanned some 100 countries.

The said bust, dubbed “Operation Ghost Click”, is one of – if not THE – largest cybercriminal bust in history, putting to sleep a sophisticated scamming operation that victimized 4 to 5 million users and was said to have generated at least $14 million in illegal revenue.

The scam mainly involved hijacking Domain Name Server (DNS) settings in infected computers, which can be used not only to introduce more malware into an IT system, but also to hijack search results and replace advertisements loaded on websites visited through an infected computer.

While this bust does bode well for all IT users everywhere in the world, it also illustrates the scope of influence and level of organization behind security threats. Since this is probably not the only scam / fraud / botnet operation in the world, it is always best to have a comprehensive security policy for your IT infrastructure to minimize the risk of compromising your company’s data and information.

For more details on the bust, check out Trend Micro’s blog post here.

Published with permission from TechAdvisory.org. Source.

December 19th, 2011

Employees using their own mobile devices for work may seem like a good idea at first it's less expense for you, the employer, and they can also make employees more productive. However, it also means that you are allowing potentially unsecure devices to access your company's data. The solution? An effective IT security policy that balances personal freedom to use these devices and your need to secure important business information.

As technology continues to become more affordable and accessible to consumers, it's an inevitable fact that employers will see more and more of their employees using their own personal devices such as laptops and mobile phones to access the company's IT system.

This can be a dangerous thing. Since these devices aren't company owned and regulated, you have limited access and control over how they are used. Employees could download all sorts of malware and viruses on their devices and pass the infection along to your IT system when they access it.

The solution: a comprehensive IT security policy. It's important that you find a compromise between the freedom of the employee to use the device as desired and your need to keep your IT system safe from viruses and other threats to your data's security. Steps such as having employees run mobile device management (MDM) software on their devices is one of many actions you can take to lessen the risk of security breaches. You may also want to implement applications and software that check and screen for malware, both for laptops and mobile devices. And don't forget that while Android seems to have a bigger problem with malicious software, Apple isn't exactly virus-free, either.

Employees have a right to use their personal devices as they see fit, but not at the expense of important company information stored in your IT system. Running a tight ship in terms of security is an effective way to protect your business interests and your sensitive company data. If you are interested in knowing more about developing a concrete and effective IT security policy for personal device use as well as general system access, please don't hesitate to give us a call so we can sit down with you and discuss a custom security blueprint that's just right for you.

Published with permission from TechAdvisory.org. Source.