March 31st is World Backup Day – Create a Properly Planned Backup Process

With March 31st being World Backup Day, it only seems right to talk about the importance of having a well-planned backup process.  Every day we read about malicious attacks on organizations, and there is no doubt that these attacks, especially ransomware, will continue to grow drastically in 2018.

Ransomware is a form of malware based on encryption software that seeks payment (ransom) to undo the damage it causes; when infected, the malware typically encrypts all data files, rendering them useless until the ransom is paid.  Encryption software scrambles a files’ contents and creates an encryption key, essentially a code used to reverse the process.  Unless you have this key and the encryption software, the files remain unreadable.

Ransom prices will vary depending on the ransomware variant and the price or exchange rates of digital currencies. Thanks to the perceived anonymity offered by cryptocurrencies, ransomware operators commonly specify ransom payments in bitcoins.  Recent ransomware variants have also listed alternative payment options such as iTunes and Amazon gift cards.  Paying the ransom is risky, and not recommended.  It will not guarantee that users will get the decryption key or unlock tool required to regain access to the infected system, and it potentially will make you more of a target in the future.

The only way to thwart ransomware is by restoring the corrupted files through a backup that was created before the infection.

A properly planned and implemented backup process is vital since data stored on a network server represents many hours of effort over time, making it impractical and usually impossible to recreate.  A properly functioning, multi-point-in-time backup is necessary to provide restoration under these and other scenarios:

  • A server fails
  • A file is deleted
  • A template is written over
  • An application upgrade fails and must be restored
  • A document is inadvertently changed and saved by a user

A backup should be a complete, recoverable copy of not just data, but the entire server/network environment.  It should have these properties:

  • Sequenced over many days
  • Complete image
  • Offsite storage

If you’re ready to get serious about protecting your business data, select a talented company, like Bryley Systems, to help you implement a Backup/Data Recovery solution to eliminate weak links in your security chain.  Let us help you develop an organization-wide policy to help prevent data loss.  Please contact us at 978.562.6077 or Email us today.  We are here to help.

Work Side by Side With Bryley Systems as Your Trusted Managed IT Service Provider. No Storm is Too Big for Us!

Living in New England has its challenges.  It’s no secret that during the month of March we’ve been hit by a number of storms causing snow, ice, rain, heavy wind, and lots of power outages.  And you know what they’re called?  A Nor’easter!  And when it’s REALLY bad?  Well, that’s a Wicked Nor’easter!  We all have our routine at home when a storm “is brewing” – go to the grocery store, make sure the gas tank is full, stock up on batteries, get the flashlights ready, make sure the shovels are nearby, charge all those devices, cross your fingers, and simply “hunker down”.

But what is your routine and line of defense regarding your organizations network infrastructure when a storm is about to hit?

A client of ours recently experienced cascading issues starting with the power going out multiple times which caused their uninterruptible power supply (UPS) to fail.  This resulted in their servers shutting down unexpectedly which followed with a hard drive being corrupted.  If that wasn’t bad enough, their internet service provider (ISP) service was intermittent, their firewall had errors when it was shut down due to the power going out, which then caused its configuration to become corrupted.

Bryley was immediately notified and our engineers responded in person, on-site, to begin the troubleshooting process.  Our engineers found that both the client server and firewall configurations needed to be restored to Bryley’s spare equipment, ensuring the least amount of down time as the replacement parts covered under warranty were being sent.

 

“Please accept our sincere appreciation for all the efforts that your team put towards getting our server running again after the storm hit us last week. I know it was a challenge for everyone, but certainly wanted you to know how great your folks were; both technically & professionally.  You should be proud of your team and I hope you recognize their good work as well.  They’re awesome folks to work with!”

                                                         Thank you, D.G.

                                                        QA Manager, Massachusetts Manufacturing Firm

 

What is your routine when it comes to your business operations?  Well, if you have Bryley Systems as your trusted managed IT service provider you don’t need to lose sleep – we are here for you regardless of rain, snow, sleet, wind, hail, or whatever mother nature tosses your way.

Don’t let the next storm take your business operations down.   Contact us at 978-562-6077, or by email at ITExperts@Bryley.com to learn more. We are here to help.

5 Reasons You Need a VPN Policy

The security of your business is heavily dependent on the ability of employees and executives alike to stay safe wherever they go. They need to make sure their online activities remain unimpeded and that public networks don’t become a data leak risk. Such a leak could damage your company’s reputation and set your business back months.

One of the main tools used to help businesses overcome these obstacles is a Virtual Private Network (VPN), which is a service that can connect a user to an offsite secure server using an encrypted connection. The encryption allows people to keep themselves safe from hackers on public networks (or any unsafe network). The server hides their IP address, allowing them to keep their activities anonymous and get access to restricted or blocked websites.

teamwork

All of these things are great, but VPNs can also cause confusion if not used uniformly or correctly. A “bring your own VPN” policy can prove disastrous for several reasons. Your business needs a standard policy, and here are the five main benefits of instating one:

You Can Better Manage the Configurations

Sometimes VPNs need to be managed to work best for the company. If you have a universal VPN policy or even a universally proscribed VPN for employees (in which case it would be recommended to provide access with company funds to facilitate control), then you can know that everyone has settings acceptable to the interests of the company by making those mandatory settings clear. No one will feel as though another has an unfair advantage as well.

You can use these to limit access to certain websites or regions, or simply help people who don’t know better maximize their speed and access. This kind of plan is absolutely essential if you plan on setting up your own VPN server at your company (although this should only really be done by large organizations), as messing around too much can make things more difficult for other users. It might be worth it to include a “tips and tricks” section next to them.

Uniform Universal Access

Any business should know what their employees are capable of not only in their skillsets but in the tools they are using. If you don’t have a general VPN for the company and everyone is just using their own, you might find that someone’s tool isn’t up to par with what the company needs. In the worst case scenario, someone might download a VPN application that is malware in disguise, not checking up on the service first. This could lead to a massive data breach in addition to dropped communications at a potentially crucial moment.

If your company decides upon a singular (and well-reviewed) VPN to work with and provides access or subscriptions to all relevant employees, then it will be easier to work with those remote and travelling employees knowing that they all are getting the same level of access. Chance and circumstance will be removed from the equation, and your IT specialists will be thanking you for months.

Exact Knowledge of Security

If you have a strong VPN policy that is regularly enforced, you can work under the assumption that all employees using a VPN will have a set level of security wherever they go. This allows you to send and receive sensitive information with much less risk, because unfortunately not all VPNs are created equal.

You don’t want some employees vulnerable to cyberattacks and cyberespionage while others are fine. They might feel emboldened in their security practices by the fact that they use a VPN. In your policies you need to reiterate that danger doesn’t go away entirely due to VPN use, and by having company-wide policies, you can focus on what dangers still prevail. A VPN policy will remind people that it’s not a panacea, but it should always be used.

Rules and Guidelines

People use VPNs for different reasons. Some of those reasons are strictly security related, and others are related to torrenting or pirating files. Most people wouldn’t think to download the latest box office hit on their VPN at the office, but such things do happen, and you need to be prepared for any situation.

If you have a VPN policy, then your company can clearly spell out what VPNs are to be used for and what is acceptable online behavior. Some of it can relate to already existing technology guidelines, but even those should be reiterated in your VPN policy (it won’t do any harm). No one will be able to say they didn’t know better, and clear action can be taken if these rules are broken.

Usage Control and Easier Management

Something you will want to take into consideration is who you allow to use a VPN. If your company is providing VPNs and has strict rules surrounding them, you should only allow employees to use them, not friends and family members. They might have good intentions but later cause a data breach or other critical issue down the line.

A policy will allow you to manage potential issues such as these with little difficulty, and having a pre-selected VPN and policies means that you or someone else can spend less time learning about different VPNs and more time focusing on a single one to optimize. You will be better able to know about potential activity and potential problems, letting human concerns take the forefront.

phoneBlue

VPN guidelines aren’t too difficult to come up with, and in the long run, they will save any business a good deal of time and resources. Implemented correctly, employees won’t have any problems adjusting to them and the company will be safe with a full array of useful information available at all times.

Do you think there are any other reasons that a company should have VPN guidelines? Do you have recommendations of your own that you would like to share with your fellow readers? Any stories regarding a “bring your own VPN” policy that didn’t work out? The sharing of information makes us all improve, so please leave a comment below and continue the conversation about this important tool.

By Cassie Phillips
SecureThoughts.com

The Benefit of a VPN

The news is filled with how internet service providers have the ability to track our web surfing habits and the numerous data breaches that occur – it is no secret that online privacy is nearly non-existent.  Private browsing features can temporarily cover up your browsing history, but they do not completely protect your online activities. A Virtual Private Network (VPN) is one of the easiest ways to protect your employees and your corporate data.

A VPN is a network created between your employee and what they access.  It is a group of servers connected via the internet.  Essentially, your corporate data is encrypted and no one else can view, control, influence or change your activity.

Security and privacy are the main reasons why you would want a VPN. For example, if one of your road warriors is connected to a public Wi-Fi network — like the ones in local cafes and airports — using a VPN encrypts the information they are sending or accessing online. This means things like credit card details, login credentials, private conversations, or other sensitive documents can’t be intercepted by a third party.

Some advantages of using a VPN:

  1. Enhanced security. When you connect to your network through a VPN, your data is kept secure and encrypted – making it difficult for a potential hacker to do damage.
  2. Remote access. The ability to access information from home or while your employees are traveling, will increase productivity while remaining secure.
  3. Access to geo-restricted websites.  If your employees travel overseas, they may experience some US websites that are blocked in that region.  By connecting to a VPN located in the US, your employee will gain access to the site(s) they need.
  4. File sharing.  A VPN will allow you to share files for a long period of time.  While your employees are working on group projects with multiple people accessing data, it allows your employees to accomplish that task securely.
  5. Increased performance. Bandwidth and efficiency of the network can be generally increased once a VPN solution is implemented.
  6. Online anonymity. The advantage of a VPN service is that it allows you to access both web applications and websites in complete anonymity.

If your employees are working remotely, a VPN is a vital component of cybersecurity.  Consult with one of our experts today.

To inquire about Bryley’s full array of Managed Cloud Services and Managed IT Services, please contact us by phone at 978.562.6077 or by email at ITExperts@Bryley.com. We are here for you.

The Internet of Things: Convenience vs. Risk

The Internet of Things (IoT) is everywhere.  These convenient devices are in our homes and offices as well as in our pockets.  Along with the convenience they provide there are some security risks associated by using these devices.  There have been a number of known security breaches reported in the news regarding this topic, and those breaches included massive distributed denial-of-service (DDoS) attacks, and botnet hijacking attacks which have caused major disruption to organizations.

What is potentially affected?  All those devices that communicate and can be accessed via the Internet based upon their IP addresses.  That would include traditional office equipment such as copiers, printers, video projectors, and even televisions in reception areas.  Some of the less obvious devices would be climate control, motion detection systems and security lighting systems which are equipped with remote access can be controlled over the Internet. And, don’t forget the smartphones and smartwatches – these personal devices play a role in a company’s security.  These devices create access points and the best way to be secure is to define a policy to put protections in to place.

Many IoT devices are produced with the very basic software, which often can’t be updated.  As people become more aware of risk, some IoT devices are being brought up to current security standards with periodic firmware updates.  It’s a good start, but the majority of internet-ready devices cannot be integrated into the conventional IT hardware or software protections with which companies protect themselves against internet-based attacks. The variety of new internet-ready devices brings a mass of new data traffic to the network that must be managed and secured by IT departments. But it’s complicated by the variety of network protocols used by all of these various device types.  These devices are being used for personal and business and sometimes the lines of use will cross.  The integration of personal devices will pose a security risk simply because more and more attacks on companies are started against individual employees. As an example, if a device is infected with malware or a virus, it can be used to gain traction and then wreak havoc when it connects to the company’s network.  The tricky part is defining who should be responsible for IoT security – however, it is an important step.

The first consideration you need to make is whether or not connecting a particular device will be a large enough benefit to be worth the inherent risks. Depending on the device, an IoT device could be used to spy on you, steal your data, and track your whereabouts. If the device in question directly offers you a helpful, worthwhile utility, it may be worth the risk. If the connected device serves little purpose beyond its novelty, or its purpose could just as easily be managed by a staff member, it is probably best to leave it disconnected.

By taking inventory you have a benchmark as to all the devices that will connect to the Internet.  An organization should evaluate every single device that is added to the network.  Desktops, laptops and servers are generally tested extensively but mobile devices should also be added to the list.  Oftentimes devices are ignored even though they actively communicate over the network, and strict attention should be given to those devices that send data.  It’s very important to set guidelines for the use of IoT devices.  Be sure to define which devices are permitted on the company network and what data exchange with the network or Internet is desired.  The proper security technology will prevent unwanted traffic.

IoT introduces additional complexity for security.  Organizations are advised to monitor the data traffic to and from IoT devices in their network. Perimeter-based solutions are not adequate in today’s IT environment because users and apps can no longer be contained inside a organization’s network, behind a clearly defined protective wall.  Organizations need to evaluate new security concepts that have already proven reliable as workplace tools of mobile employees and remote offices.  For example, a protective shield from the cloud can scan all incoming and outgoing data traffic for malicious code, regardless of the device used.  With cloud solutions, organizations gain control of all internet-based traffic and can actively manage which communications are permitted or should be blocked. This can include preventing the printer from automatically ordering toner and restricting all other devices to a minimum amount of communication on the web. You should also make sure that the environment that you are using an IoT device in is as secure as possible. Making sure that your firmware is updated will ensure that you have the latest security patches and fixes for the various exploits and vulnerabilities that the IoT may present. If possible, this process should be automated so that your IoT devices, as well as your router, are fully updated.  It may also be a good idea to check if your router supports guest networking. With guest networking, you can keep potentially risky IoT devices off of your main business network, protecting its contents.  Organizations should always make sure that passwords are in line with best practices, and that you are not reusing passwords between devices and accounts. Following these guidelines means that even if one of your accounts is comprised, the rest of your accounts are safe behind a different set of credentials.

Ultimately, the best way to keep your organization safe from IoT issues is to establish rules regarding the use of these devices and monitor their permissions. Extending the consideration of whether or not a device needs to be connected, you need to establish if it even needs to be in the office. After all, a smartwatch can offer some business utility, whereas a smart trash can (which does in fact exist) does not.

Monitoring your organization’s network can help you identify if any unapproved devices have made a connection.

Relocating Your Organization? Set Some Goals and Hire IT Experts to Help.

Moving your business in 2018?

While moving to a new location is exciting, let’s face it, there is a lot that goes into a move, and it has the potential to be very disruptive to your business.  As the moving date approaches all the little details you never even considered suddenly become insurmountable obstacles. By being proactive, you can keep all interruptions to a minimum.  Whether you are expanding or consolidating space, when you are ready to ‘make the move’ keep in mind that you should set some goals and hire some experts to help.  Proper planning can be the difference between a seamless transition or a giant disruption for your business.

Bryley Systems has worked with many clients over the years to assist them in their relocation efforts.  Here are some guidelines based on our experience:

Keep the Communication Lines Open.  Getting everyone up to speed on the details of the plan is essential and training the key personnel on what their tasks are is step 1.  Gather your team and develop a plan so that you know who is in charge of what.  Each member will need to begin working on their tasks to ensure a smooth transition.

Plan Well in Advance. Once you know you’re moving into a new office, scope out the space and decide on the layout, including where everything and everyone will go. That will allow you to plan out what your needs are as far as new office equipment goes, and give employees an opportunity to do their own planning ahead for their new space. Create a map or floor plan so that everyone knows the plan.  If you need new office equipment, allow yourself a couple months to place orders for new equipment.

It is a good idea to reach out to your IT department or service provider at this stage.  At the very least you want to make sure that you will have the necessary network access in your new environment, and they will be able to make recommendations that may inform how best to arrange the space.

Hire a Reputable Moving Company.  Plan well in advance and hire a company that is capable of moving commercial equipment. Your moving company should be held to the highest professional standard as any of your other business partners.

Clean and Toss.  Then Toss Some More!  Don’t bring things you don’t need! Shred all unnecessary papers, get rid of office furniture that has been collecting dust and sell or donate equipment that you won’t be needing anymore.  There is no point in moving things you will not need, and in today’s modern electronic age, why move heavy boxes of paper files?  Scan important documents and create a clean, organized electronic filing system.  And remember, shred those unneeded documents.  Hire a shredding company to remove all the paper so that you don’t leave your organization vulnerable to a security breach.

Get Your Staff Organized.  Have your employees pack things neatly and label everything so that your movers can swiftly put things in to place – efficiency and organization go a long way.

Be Sure to Schedule Meetings and Deadlines Realistically.  It’s very important to give your staff the appropriate time to do everything they need to do prior to the move, along with making sure they keep up with their day to day tasks. If it means creating a buffer zone for meetings, then do it.  Being ill-prepared for a meeting is a disaster so give yourself a few days or a few weeks to be fully up and running in your new location before you hit the road or have a major deadline.

Talk, Talk Talk! Tell Your Clients and Business Partners.  Reducing client concerns is a huge factor so remember to be visible and communicate to the world that you have a new office space.

Yes.  Hire IT Experts – like Bryley! When it comes to your IT hardware, you need a specialist.  You may think you are capable of handling your move internally, but before machines are powered down, they need to be backed up. New ports and connections at your new location need to be in place and ready to go before you get there with the equipment.  Setting up cabling and jacks will need to be installed by an expert to ensure your setup is correct and that your employees are as productive as possible when they arrive to work their first day at the new location. This is not an easy job, and doing it incorrectly can be very disruptive.  If your IT hardware isn’t handled properly, you risk catastrophic data loss at a volatile time for your organization.

This is also a great time to plan for the future.  If you expect to be adding personnel within a certain timeframe after moving, make sure that you bring this up with your service provider.  They can help you plan accordingly so you don’t find yourself replacing hardware you just paid them to move because it can’t handle the new demands you are making of it.

The key to a successful office move is careful planning. Moving your IT is one of the most critical tasks. You need to minimize downtime to prevent any impact on your business.  Bryley Systems has worked alongside numerous companies who needed a capable IT provider to guide them along the way.  We will meet with you, gather details, understand your business and your IT infrastructure, and plan for a seamless transition of your equipment, and work with you at your new site to trouble-shoot any challenges you have.

If you are planning a move, give us a call at 978.562.6077.  We will meet with you, gather details and plan for a seamless transition of your IT equipment. And, we will work with you at your new site to trouble-shoot any challenges you have. We also have a detailed moving guide available on our website for you to reference.

 

Bryley Systems has 30 years of experience taking the worry off of our clients’ shoulders and effectively managing IT environments at a predictable cost. For more information about Bryley’s full array of Managed IT Services and Managed Cloud Services, please contact us at 978.562.6077 or by email at ITExperts@Bryley.com.

We are here to help.

How to Tell a Client You Are Relocating Your Office

Making the decision to relocate your organization is the first step in the process of a very long list of to-do’s.  It is a complicated but rewarding process.  It will take careful planning to eliminate employee downtime and for you to minimize the impact on your business’ day-to-day operations.

One of the crucial tasks involved with moving is to be sure you make it as simple as possible for your clients to find you. Here are some tips to help you communicate that message effectively:

Tell Your Clients as Soon as Possible.  Start telling people far in advance of the actual move date. Use whatever tools you would normally use to reach out to your clients.  Use email, social media, announce it on your web site, include a notice on your email signature and put a note on your invoices. Be sure to post regular reminders and updates about the move.

Why Not Make It Local News?  Contact your chamber of commerce and networking groups to request they make announcements.  It’s a great and effective way of getting the word out there, and typically you’re not paying extra dollars for reaching many people in the community.

Make It a Big Deal.  In every piece of content that you announce the move, make it exciting! Tell your clients why it’s exciting – whether it means a bigger location, you’re expanding your business, or that you’ll be closer to your clients. If you are downsizing, it can be described as a positive business decision aimed at decreasing wasted resources.  Either way, it’s all in how you package it.

Post A Notice On Your Website.  Put an announcement on your homepage in a very visible way. Create a page dedicated to move updates so expectations of office relocation dates are very clear.  On your About Us and Contact Us pages, add information for both your current and new location, including dates you will be moving or closed for moving. If you have a blog, post updates regularly.

Hopefully these tips will help your organization spread the word to your clients to make the transition easy for them!