Internet Use in the Workplace

Today’s business world is driven by the internet in many facets. However, the internet also can make you more vulnerable to data breaches and viruses. As the threats have changed over the years, you’ve likely made sure update your hardware and software. However, your changes can’t all go into your network, your users themselves can pose an unknowing or unintentional security threat with bad browsing habits. Unsafe browsing habits can expose your network to hackers, viruses, malware and ransomware. These are all possibilities when users access untrustworthy sites, share information and download files from the web. The internet is a powerful tool but it can become a distraction making your employees less productive.

Working with your MSP you can make better choices with your internet policies and security features. Current versions of firewalls offer content screening and flow control. If you’re not already utilizing these features, it’s a great way to cut your risk by blocking commonly attacked and work inappropriate websites out the gate. This also helps ensure that your ISP’s resources are being used in the most efficient way. Make your users aware of your protocols and be ready to enforce them.

A comprehensive Internet Usage Policy will not only cover the company’s expectations of use but also contain the appropriate disclosures regarding monitoring and ownership of information. The company’s usage policy helps your employees adhere to best practices on the internet. Regular reminders help keep everyone on the same page. Some things you may want to review with them are:

  • Internet use should be limited to job-related activities
  • All Internet data that is composed, transmitted and/or received by the company’s computer systems belongs to the company and is part of its official data. Therefore it’s subject to disclosure for legal reasons to appropriate third parties.
  • The company reserves the right to monitor internet traffic and monitor any data that is sent, received or composed online.
  • Sites and downloads may be monitored by the company and will be blocked if they are deemed to be harmful or unproductive to business.
  • Installation of software and instant messaging services are prohibited.

It’s important that your employees take safeguarding your systems seriously. With the overturn of the FCC’s privacy rulings our internet data is once again less private than many would like. It’s essential that employees understand that what they do on the internet can have an impact on the company.

Why you need Managed Services for your Small Business

Net Neutrality, Artificial Intelligence, Y2K, Data Mining are all buzzwords floating around the IT industry. Another term you keep hearing is Managed Services. Are you left wondering what it is? Is it just another trendy name or something larger? Hopefully we can lay out what Managed Services is and it’s a benefit to you.

The first thing to clear up is that Managed Services isn’t just terminology being thrown around to make something mundane sound exciting. Managed Services is a viable business model. Break/fix style support in today’s environment is unreliable and unsuccessful for both the provider and the customer. Businesses of all sizes can benefit from finding the right Managed Services Provider (MSP). The MSP model can be applied to both SMB and Fortune 500 companies. Small to midsized companies can really benefit from Managed Services. If you want to keep your employees focused on productive, having an MSP will ensure you have a fast and reliable network. As an SMB it should be motivating to know that you have access to the same benefits as larger companies when it comes to your IT infrastructure.

The MSP movement has roots that go back to the 90s. Both hardware and software vendors were developing early warning signals when something would go wrong using Simple Network Management Protocol. But the original systems built to monitor the signs were complex to manage and therefore expensive. The expense meant this was only being used by the largest of networks. But instead of staying static and potentially dying out the systems changed and by the mid-2000s it started to evolve into the MSP platform we know today.

As a MSP subscriber your entire network is monitored and any anomalies create an alert that your MSP will look into. This is a complete turnaround from the break/fix mentality. Under Managed Services you aren’t left waiting for something to actually stop working in order to apply the solution. Having a MSP means greater stability and a significant decrease in business interruptions since your updates and patches are rolled out on a regular schedule. Your systems are also now monitored 24/7. Constant monitoring means that you don’t have to wait for an end user to report a problem and it increases your CyberSecurity.

The break/fix model is outdated. It has a negative impact on IT firms as the income stream is unreliable. It also cuts into resources since it takes more time to apply a fix when it’s something that could have been avoided with maintenance. As a customer, the break/fix approach means you actually have to be down before receiving help. Why take the risk of a business interruption when you can be proactive vs. reactive? Success in business largely depends on being able to stay current and that means anticipating changes and adapting before your competitor to give you an edge. So why not take the same approach with your IT services?

It can take some adjustment to paying monthly verses paying for services as needed but over time the MSP pricing model can actually save you money. Managed Services mean greater efficiency. As in any other situation greater efficiency over time means lower cost. This also means you can focus more on running your business verses having to deal with technology. Your MSP can also help ensure you are getting the best market price and service from your IT related vendors. Their experience and exposure will give you an advantage so you know that you aren’t overpaying for internet or software licensees.

There’s also more transparency of services with an MSP. Your contract will lay out the services, responsibilities and availability. When you have this level of transparency and accountability it helps create a solid relationship between the provider and the customer. With so much at stake, you will have peace of mind knowing that your network is secure and stable and who to contact when you have questions.

The constant changes in technology can make it hard to decipher what is and isn’t a trend. But Managed Services is not going anywhere and the benefits to the user can only increase.

Building Your Plan for BYOD!

Building Your Plan for BYOD!

As the line between working in-office and working from home becomes more and more blurred, a new trend in employee technology has begun to emerge – BYOD, or bring your own device. Many companies are offering their employees the option to bring their own devices into the office environment as it can improve both employee satisfaction and office productivity.  But CIOs still must consider three different basic set ups/options before taking the plunge:

  1. Bring Your Own Device (BYOD) – In this set up an employee has complete control over choosing and supporting the device they use at work since it is fully owned by the employee. This is a very popular method with smaller companies or those who utilize independent contractors.
  2. Choose Your Own Device (CYOD) – In this set up employees are offered a choice of devices that have been approved by the company for their security, reliability, and durability. The approved devices work within the company’s IT environment, however the device itself is owned by the employee; either they have paid for it themselves or it was paid for through a company stipend and the employee can keep it for the length of their employment.
  3. Company-issued, Personally-Enabled (COPE) device – Here an employee is supplied a phone or other device, paid for by the company, that they can use for personal activities. The employer can decide how much access and freedom employees get when using these devices.  This is the closest option to the traditional Corporate Owned Business Only (COBO) model of old.

While CYOD and COPE are often employed in larger organizations, BYOD is by far the most popular option with SMB’s.  There are many benefits to the new BYOD office set up.  When employees are totally familiar and comfortable with their own devices they are likely to be more productive since they do not require any time or training to get up to speed on optimal usage.  Additionally, personal devices, as opposed to business owned, oftentimes are the latest model with all the latest updates and features.  Early adopters love having the latest version of their preferred device and companies can leverage that desire to their advantage.

A further advantage to adopting BYOD is cost savings to the employer.  By having people responsible for part or, in some cases, all of the cost of their mobile devices, businesses can potentially reduce the impact of mobile device costs on their bottom line.

If and when your company adopts a BYOD policy, the best way to ensure that you do not encounter an excessive surge in calls for help to your IT team is to have strong and comprehensive BYOD guidelines in place.  Here at Midwest IT Solutions we have worked hard to research and develop guidelines for our clients to follow. Any policy should encompass seven key areas:

  1. Specify what devices are allowed. You will be getting into the business of saying, yes iPhone, no Android, yes iPad no any other tablet. Once you have decided what devices are allowed it is key to make clear what level of support (if any) you will offer owners of these devices.
  2. Establish strict security protocols for those devices.
  3. Define a clear support policy i.e. what level of IT support will you (the employer) provide?
  4. Decide which Apps will be allowed, which will be banned.
  5. Make clear who owns the apps and data used on the employee’s devices.
  6. Be sure that your BYOD policy is aligned and fully integrated with your current Acceptable Use policy.
  7. Be sure to come up with an employee off-boarding plan.

There are many factors to consider before any manager or executive rolls out a new BYOD policy.  A successful BYOD policy can aid in productivity and employee satisfaction, a less detailed BYOD policy can lead to security breaches and numerous IT headaches.

At Midwest IT Solutions we can help you navigate through the complex new world of BYOD.  With Midwest IT Solutions’ guidance, you will be able to leverage the wonderful benefits of BYOD without facing the many pitfalls.  Do not try to chart your own course through this exciting world, contact us today!

Cloud Computing: The MSP Advantage

It’s no secret that cloud computing is the future of computer and network care for businesses worldwide.  “The cloud” eliminates the need to have physical servers and hardware in your office. Cloud computing focuses on maximizing the effectiveness of the company’s shared resources, as well as being effective in heightening companies’ day to day tasks with multiple users.  It is a highly efficient way to store your company’s data in one place at a flat monthly cost, as opposed to worrying about the large capital investment of new network equipment on a regular basis.

Cloud adoption and cloud-based file sharing are becoming increasingly popular among the general public, but can cause concern among CIOs. Unfortunately, IT organizations are having a hard time keeping up with large, public cloud providers.  According to an article from Business Cloud News, a recent survey conducted by Fruition Partners of 100 CIOs found that 84 percent believe cloud adoption reduces their organization’s control over IT.

About nine in ten believe unsanctioned use of public cloud services has created long-term security risks. This is troubling to CIOs because it can lead to possible information leaks or other data security breaches. In addition, 79 percent of CIOs believe that there are cloud services in use that their IT department is not aware of.  This reiterates the danger of losing grasp of the company’s technology while using a large cloud provider.

Partnering with a Managed Service Provider (MSP) can help prevent these worries from arising.  A proactive relationship with an MSP gives you the ability to aid in, or fully move, to a private cloud option.  It ensures that your company will be working with a partner that has experience with many cloud networks, therefore providing the highest level of support possible.  This is crucial when it comes to the transition of moving your company’s data and file sharing for all users within your company at an affordable cost, while at the same time, preventing downtime on the network.

In conclusion, the value of having an MSP on your side to aid in cloud based technologies for your business is second to none.  Small to midsize companies can focus on the core competencies of their business that make them money, while letting the experts control all business technology in the cloud.

Internet Surfing Best Practices

  • Use Google Search

Before you start to type the name of a website you have never been to before, try googling it first. Google actively scans just about every website and looks for malicious (harmful) code. If it finds something, it will warn you in the search. Google will also ensure that you end up at the page you are looking for. After googling, be sure to read the information provided below the link in order to learn about the website.

  • Don’t click ANY advertisements

First of all, there is no such thing as a coupon printer. Plain and simple; they do not exist. Secondly, there is no such thing as a good advertisement. Sure, some will take you to the place you want to go to see some golf club or purse, but it is safest to assume that all ads are bad. If you find that ads are starting to market directly to you that means you have been clicking on them and they are tracking what you are interested in.  It may seem easier to click a well-targeted add to see the new fall lineup or a new car, but the more you click ads the more likely you will run into malware. Just google the new fall lineup or car and view it directly on their site.

  • The “YOUR COMPUTER IS INFECTED” banners

No website can tell you what is on your computer. You have to allow a program access to scan your computer before it can tell you what is there. Completely ignore any banner or website that tries to tell you how many things are wrong with your computer. These banners are the birthplace of most adware and malware. More often than not they will infect and slow down your computer and never fix any real issues.

  • Check the address of the site you are on

Does it look like the site you should be on? “Phishing” or “Spoof” websites are designed to look exactly like another website. Here is an example:

phising

This site is setup to look as much like Citibank as possible in an attempt to get credit card information. A foolproof way to ensure you are on the correct website before entering secure information is to review the address bar where the webpage link is located. As you will see in the example, the address is https://web.da-us.citibank.com/… Does this look familiar?  Try to google Citibank and see what google reports as their webpage.  After googling, you will notice that Citibank’s website looks like this: https://online.citibank.com/US/JPS/portal/Index.do. Also, take a hard look at the website itself, does it look official? If you are in question at all, close the window and try Google searching to find the correct location for a website.

  • Check for a SSL Cert

Without getting too technical, SSL certs provide a secure (protected) connection from your computer to the website you are on. That is to say, any data or communication passed from your computer or the website cannot be read by anyone else along the line of communication. You will want to check for these certs on every site that you are entering any confidential information. Below you will see examples of where to check for SSL certs on the common browsers:

Chrome– Chrome

IEHTTPS – Internet Explorer 11

firefox– Firefox

opra – Opera

safari– Safari

Essentially what you are looking for is the ‘s’ at the end of http’s’://www.google.com. Some browsers represent the secure connection as a green lock. If you don’t see the ‘s’ or the green lock, do not enter in any confidential or even personal information.

  • Password use

This can be covered in a topic all by itself but I will touch on it slightly. If you are someone who does not like to keep different passwords for every site, I urge you not to use the same password for everything. Something you can try is to keep a few different passwords and use them for varying levels of security. For example, there will be some sites that ask you to create an account just to view their items for sale. Do not use the same password as your online bank account. Use a password you would not mind if it got stolen and continue to use that password for all sites you could care less about. Another note, if you save your passwords in your browser to ‘Auto-Fill’ realize that someone with access to your computer can now log into every place that has a stored password. If you sync your passwords using google so that all devices have the same saved passwords, realize that your google account password now needs to be the most secure. Someone just needs that one password to

Keep your focus!!

Running a business is a 365 day a year job. While you focus on running your business let Midwest IT Solutions focus on keeping you up to date on the latest developments in information technology. In the 4th quarter of 2015 Microsoft launched Exchange Server 2016 and implemented updates to its Office 365 service and software suite. While both feature improved security, there are several key differences, which is crucial to understand when making the appropriate choice for your business.

Office 365 is Microsoft’s cloud based subscription service and therefore is no need to purchase any additional hardware. The low monthly subscription structure makes it a cost effective option for many small to mid-sized businesses in industries who need to comply with all current privacy and regulatory guidelines. Many business owners do not realize that free email services, such as Gmail, yahoo, and AOL are not compliant with certain security and privacy regulations. Any company that is found to be non-compliant in regulated industries may face a government fine, as well as have to pay a service to get them back in industry compliance.

In addition to meeting confidentiality requirements, the email service in Office 365 has an added feature called “Clutter.” Clutter utilizes smart technology to learn patterns in users email. If it sees that emails from a specific sender are consistently never opened or immediately delated it will send those messages to the Clutter folder rather than the inbox.

Unlike Office 365, Exchange Server 2016 is Microsoft’s most up to date and secure email software for on premise options. Some business owners prefer to keep their email server on premises rather than Office 365 due to a higher level of internal control. Depending on your particular business’ needs, it can offer higher performance than Microsoft’s cloud based service. There are some cases where an on premises server is the best, such as businesses that require large capacity file shares (50GB in size or more) or operations that would be bandwidth-prohibitive in a cloud scenario. Offices that have less infrastructure access to the internet would be wise to take this into account during their decision making process.

Exchange 2016 offers all of the same security features as Office 365 and is fully compliant with all privacy guidelines. However, it does not have the Clutter feature that Office 365 users are able to utilize. If you are currently using a now unsupported, or soon to be unsupported version of Exchange, it is past time to upgrade; preparing to move to Exchange 2016 is a must. Any business currently running a version of Exchange Server earlier than 2010 will need to perform an additional step as they upgrade. Files must be moved to Exchange Server 2010 as an interim step as newer versions cannot co-exist with any framework developed prior to 2010. It is important to remember that Microsoft will be terminating all support of any version of Exchange prior to 2010 on April 11, 2017. If your internal IT department has their hands full managing your day to day operations or if you do not have an internal IT department, Midwest can help you ensure a smooth transition as you migrate to the Exchange 2016 environment.

How do you know which option is the right choice for your business? Midwest can help you navigate the confusing world of information technology. You focus on what you do best and let Midwest handle the IT. Contact Us…

 

Custom Cloud Solutions

When you are making your choice in cloud providers, you can trust Midwest IT to help you make an unbiased decision based on YOUR needs.

FBI Warns Businesses of Email Scams

The FBI has issued alerts to all businesses about the spread of BEC scams.  One of the fastest growing hazards facing businesses today is the growth of business email compromise, or BEC scams.  According to the FBI these scams have grown by more than 270% since the beginning of last year.  At their last reporting more than 7,000 businesses have lost more than $1.2 billion in the last 2 years.  At Midwest IT Solutions we help you to manage your IT risk.  We are at the forefront of IT risk management; monitoring, assessing, and evaluating threats to your network no matter where they may come from.  You can be confident knowing that Midwest IT Solutions is in your corner.  While these scams may at first seem less impressive than thefts perpetrated by sophisticated malware targeting banks and other large institutions; a BEC attack is in reality more­­­­ vicious.  They are more versatile and can avoid the basic security steps taken by businesses and individuals.  Instead of simply targeting your machines, a BEC scam targets your people!  Criminals are convincing their victims to hand company money right over to them, and they have been very successful in doing so.  According to the FBI, “The scam has been reported in all 50 states and in 79 countries.  Fraudulent transfers have been reported going to 72 countries; however, the majority of the transfers are going to Asian banks located within China and Hong Kong.

BEC scams are being perpetrated in multiple stages.  In the first stage a traditional email phishing scam is carried out.  Once the criminal has access to an employee’s email account, they will monitor the account for an extended period of time, sometimes up to several months.  During this time the fraudster is learning the financial processes of the target business.  They are learning if wire transfers are used, who initiates them as well as who typical requests them.  Emails are searched for key terms such as, but not limited to: invoice, deposit, president, and wire transfer.  Fraudsters are taking the time to familiarize themselves with the target business’ activities, organizational relationships, interests, as well as travel, or purchasing plans.

Once the reconnaissance phase of the fraud is completed the second phase of the con is initiated.  This portion comes in two different forms.  The first is known as a CEO Phishing Scam.  Crooks create a domain name that is nearly identical to the company’s and send a spoof email that appears to be from the CEO or other high ranking executive.  This email will look totally real and only a very careful reading of the email will give the targeted employee a chance of detecting any sort of problem.  The fraudster impersonating the high level executive requests a wire transfer be made.  The target employee believes that their superior has directed them to transfer funds and, being a good employee, the instructions are carried out.  Because they have spent so much time and effort getting ready to perpetrate this fraud, the criminals are able to create an utterly convincing fund request.  Before anyone has realized what has happened company money has disappeared.

In the second version of this scam, the email of someone within the targeted company responsible for billing and invoicing is taken over and used to send out legitimate appearing invoices instructing that payment be made by wire to a newly designated bank account.  Again, it would take intense scrutiny to notice anything wrong with this phony invoice.  One of the most nefarious aspect of these scams is that they are unlikely to be caught in any spam traps as these are targeted attacks and not mass emails.  These scams continue to grow and evolve as time goes by so it is important to be vigilant.  To protect themselves the FBI has urged businesses to adopt the following processes:

  • Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail. For example, legitimate e-mail of com would flag fraudulent e-mail of abc-company.com.
  • Register all company domains that are slightly different than the actual company domain.
  • Verify changes in vendor payment location by adding additional two-factor authentication such as having a secondary sign- off by company personnel.
  • Confirm requests for transfers of funds. When using phone verification as part of the two-factor authentication, use previously known numbers, not the numbers provided in the e-mail request.
  • Know the habits of your customers, including the details of, reasons behind, and amount of payments.
  • Carefully scrutinize all e-mail requests for transfer of funds to determine if the requests are out of the ordinary.

At Midwest IT Solutions it is our job to monitor threats to your business.  We are IT experts ready to help defend you against any attack cybercriminals can dish out.  Don’t go it alone, contact the Midwest IT Solutions today!

Delta IT Disaster!!!

Angry customers, negative media coverage, frustrated employees, untold revenue lost, lingering anger from customers: that’s the status for Delta Airlines this week.  Of course this is not news to anyone; unless you have been living under a rock you have heard the numerous news reports detailing the Delta computer disaster.  Whether caused by a minor power outage at Delta headquarters or an internal computer hiccup, the airline was forced to cancel over 500 flights causing gridlock across America’s airports at the height of vacation season.

You may not be running an international transportation corporation, but imagine what would happen to your clients if you had an unexpected IT failure. Think something like this can’t happen to you; think again.  The problem that Delta airlines faced was not the power outage at their headquarters, it was an inadequate IT Disaster Recovery Plan.  As a business owner you don’t want to be caught off guard in the middle of an IT nightmare.  While an IT Disaster Recovery Plan may sound like a great idea you might not even know what one looks like, let alone where to start.  Here at Midwest IT Solutions we are your IT partner and are ready to put together a comprehensive IT Disaster Recovery Plan.  The goal of any good plan is fivefold, it should:

  • Minimize the disruption of business operations
  • Minimize risk of delays with High Availability options
  • Ensure a level of security
  • Assure reliable backup systems
  • Aid in restoring operations with speed

At Midwest IT Solutions, we are your information technology partner.  We will work with you to ensure that your unique IT Disaster Recovery Plan focuses on prevention, anticipation, and mitigation.  Before any plan is deployed we will: perform a comprehensive risk assessment, prioritize your processes and operations, inventory all equipment and technology resources.  Once these steps have been completed we will create a step-by-step IT Disaster Recovery Plan unique to you and your specific IT environment.  Don’t get caught off guard.  Disaster could strike at any time and, if you are not properly prepared, you too could experience the pain and disruption we now see for Delta.  Contact us today to discuss a customized IT Disaster Recovery Plan.