Best Technology Receives Prestigious Weatherhead 100 Award


Today, Best Technology received a 2016 Weatherhead 100 Award, a special honor given by the Weatherhead School of Management at Case Western Reserve University in Cleveland.  Best Technology, founded in 2006, was nominated in the category of “Upstarts”, for well-established small organizations.  Best Technology provides help desk, repair, and network management services to about forty-five businesses in Ohio, Florida, Michigan, and Pennsylvania.

The award was presented to Best Technology’s management team at the Weatherhead 100 Awards Banquet on December 1, 2016. This was Best Technology’s first time receiving the honor.

“It’s very exciting,” said Ted Wallingford, CEO of Best Technology. “We believe that by executing our core values of honesty and integrity while delivering superior tech service, we’ll continue to grow. Receiving an award that validates this philosophy helps our team and our peers to understand why we do things a bit differently at Best Technology.”

That difference is the key to the success of the company’s I.T. services customers, like KS Associates, a civil engineering firm and client of Best Technology. “What I like most about Best Technology is their quick and detailed communication regarding their efforts to support our business,” said Mark Skellenger, Vice President of KS Associates. “We’ve worked with Best Technology for ten years and hope to for another ten.” (KS Associates is also a former recipient of the Weatherhead 100 Award.)

Best Technology is a prior two-time winner of the Golden 30 Award (2011 and 2012), presented to companies who’ve demonstrated world-class business performance.

Automation Isn’t Always the Answer, Warner Bros. Will Tell You


It was recently reported that Warner Brothers film studio filed a request with Google to have its own material removed from the search index.  Warner claimed that the material–kept on its own web sites–was in violation of copyright law.  Of course, Google complied with the request and removed the material–links to films like The Matrix and The Dark Knight.

Naturally, this didn’t go unnoticed. The BBC reported the gaffe and charged an anti-piracy consulting company called Vobile with making a mistake by reporting the legitimate Warner content as pirated.

Turns out, this isn’t the first time it’s happened. In fact, the culprit in most of these mistaken identity cases is automation. Companies like Vobile use automated algorithms to spot smoking guns online–except, in these cases, their algorithms weren’t as keen as they would’ve been if aided by the judgment of a human review.  This lesson is something being learned in the self-driving car business, too.

Best Technology also uses automated systems to monitor and maintain our clients’ computer systems and networks–however we pride ourselves on a rigorous commitment to manual, human-conducted maintenance. The reason for that commitment is underscored in the Warner Brothers copyright story.

Computers and software can be used to speed up content analysis, and even to speed up decision-making. But ultimately, the holistic, organic, situational judgment of our team of people is what sets us apart from other managed I.T. services companies. Best Technology combines the process of escalation with team-based troubleshooting and good judgment guided by best practices.

Yes, we use automated tools in our own private cloud, but we also practice critical thinking and perform serious analysis on our clients’ behalf.  One such example of this is our Managed Security Controls program, which offers security auditing as a managed service. Could we offer this using only automation? Yes, but the real value is in the brainpower provided by our consulting team.

We have the Cure to All Ransomware

By now, you’ve certainly heard of Cryptolocker. And Cryptowall. And CTB-Locker. And probably Teslacrypt. Hopefully, you’ve not fallen victim to these awful ransomware variants. They’re nasty, malicious software designed to extort money from your business. Ransomware programs infect your computers and execute code that encrypts your files, rendering them unusable, then demand a money ransom in exchange for the decryption service.

Typically, the extorted money is paid to the attacker using a Bitcoin exchange. Bitcoin is a digital currency that is anonymous, protecting the attacker and placing the victim entirely at their mercy.


Newer crypto variants will even impersonate the FBI and attempt to blackmail the victimized user.

New variants of the original Cryptolocker just seem to keep showing up, and small businesses spend thousands, sometimes tens of thousands, recovering from the damage they wreak. A ransomware like Cryptolocker is the digital equivalent of a tornado–except the bad guys have the power to control the weather.

What’s worse, the newest ransomware variants spread very quickly, usually through e-mail and the web, so quickly that anti-malware programs don’t always have the measures needed to recognize them when they first hit the Net.

By some estimates, ransoms are earning the criminal programmers as much as 25 million dollars every month.  But your business doesn’t need to be a victim of these destructive agents.  In fact, we can show you how to galvanize your business against threats like Cryptolocker and its nasty cousins. The key to beating these guys is good old fashioned best practices: Those who operate their networks and computer systems according to best practices simply don’t have to contend with ransomware.

That’s right. It’s not about anti-virus software. It’s not about firewalls.  It’s not even about backup cartridges or shadow copies. If you don’t have a policy of best practices in place, these tools will be useless. The cure to all ransomware is prevention–specifically, prevention through best practices.

So what are best practices on a small/medium business network? Let’s quickly go over my three favorites:

The original CryptoLocker malware offered a wizard to step users through paying the ransom.


1. Don’t allow network users to run as local administrators. Granting a rank-and-file network user privileged access to their computer system (that is, making them an administrator on it) might give them more freedom and self-reliance, but if you don’t trust their judgment, it also leaves a gaping security hole that ransomware might take advantage of. This is the golden rule of ransomware preparedness: Don’t give local admin access (or network admin access!!) to any users on your system.

2. Don’t grant overly-permissive file access.  Once a ransomware attack is underway, the ransomware will be impersonating the user who hatched it (that is, granted it the ability to run, whether intentionally or by being duped by one of those phony FedEx notification emails).  That means, it will have the same permissions on the local computer and on the network as that particular user. So if that user has permission to a lot of file stores, so does the malware.  Files stored on cloud services like OneDrive can even be damaged, if the user has been granted access to them.  Minimize file access and compartmentalize file structures by isolating permissions to the fewest users possible–that’s the best practice.

3. Don’t permit the use of stupid passwords on your network. Many malware programs will attempt to penetrate your system by taking advantage of accounts with easy-to-guess passwords. These might be passwords based on a dictionary word, or simple variants of the user’s login name. In order to be resilient against malware, passwords must be complex, long, and not based on real-language words.
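The password rule from item 3 can be enforced with a screening check when passwords are set. The following is an added example, not from the original post; the function names, the 14-character minimum, the three-of-four character class rule, and the small word list are assumptions chosen for illustration.

```python
import re

# Constructed sample word list (assumption). A real deployment would load a
# full dictionary and a breached-password list instead.
SAMPLE_WORDS = {"password", "welcome", "summer", "cleveland", "dragon", "letmein"}

# Common character substitutions, undone before comparing against words.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 14  # assumed policy value; the article only says "long"


def normalize(text):
    """Lower-case, undo common substitutions, and keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def password_problems(login, password, words=SAMPLE_WORDS):
    """Return the reasons a password is weak (an empty list means acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")

    # Complexity: require at least three of the four character classes.
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        problems.append("not complex")

    core = normalize(password)
    # Login-name variants: any part of the login, forwards or reversed,
    # hidden inside the password after substitutions are undone.
    name_parts = [p for p in re.split(r"[^a-z]+", login.lower()) if len(p) >= 3]
    if any(p in core or p[::-1] in core for p in name_parts):
        problems.append("based on login name")

    # Dictionary check: flag when one word makes up at least half the letters.
    for word in words:
        if word in core and len(word) * 2 >= len(core):
            problems.append("based on dictionary word")
            break
    return problems
```

Run at password-change time, a check like this rejects `P@ssw0rd2016!!` even though it satisfies a plain length-and-complexity rule.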

These three bits of best practice advice are a good start if you’re trying to correct your business’s lazy posture regarding malware–but they just represent the tip of the iceberg. An organization that executes network/computing best practices from top to bottom and from bow to stern will never suffer from the devastation of crypto-ransomware.

Best Technology can help you with best practices right now, so give us a call.


What Non-Medical Businesses can Learn from HIPAA: Part 2

By now, you’ve familiarized yourself with the dual nature of HIPAA, a law concerned with providing Portability and Accountability for users of personally identifiable data in the healthcare industry. And by now, you’re probably beginning to understand why the HIPAA mandates are actually useful in non-healthcare fields, like finance and professional services.

In the previous installment of this series, we talked about the Portability focus of the law.  In this installment, we’ll talk about its counterpart: Accountability.

When one defines accountability, they usually think of concepts like transparency and consistency. The phrase “same way every time” comes to mind, and liability protection is a strong theme, particularly when accountability is defined in HIPAA vocabulary.

Of course, the law’s focus is on the privacy protection of data about patients and their medical care, whether that data is in storage or in transit from one service provider to another–say, a dentist to an orthodontist, or a surgeon to an insurance company.  Relative to privacy protection, accountability means “prove it.”  Prove that you provide transparency, consistency, liability protection, and, most importantly, privacy in your handling of data.

Accountability is also a best practice concept for companies doing business in entirely non-medical industries. In the investment industry, the Sarbanes-Oxley regulations provide a similar requirement for transparency and privacy of financial transactions and the parties involved. In the credit card processing industry, a voluntary compliance standard called PCI-DSS is there to ensure accountability. In the mortgage industry, the Gramm-Leach act, or GLBA, exists to ensure accountability. Starting to see a pattern?

All these measures say: Prove you’re accountable. Prove you protect the privacy and security interests of your customers.

And all these measures flow from HIPAA, perhaps not directly, but certainly in spirit.  That’s why it makes sense for business operators in largely unregulated industries to look at HIPAA first when seeking a framework for best security practices.  HIPAA is the most generic, and therefore the most applicable to non-medical data protection, despite its intent to focus on the healthcare field.

Best Technology uses a version of a HIPAA communication protocol to protect sensitive information passed between our customers, vendors, and employees. We call it our Security and Privacy Protocol–but it’s really just an adaptation of one of the HIPAA privacy mandates found in the Department of Health and Human Services’ Security Series documents (which you can find here).

This adaptation of a HIPAA guideline is one way we’ve taken guidance from the law. There’s a great deal of wisdom and guidance contained in the HIPAA rules, and even though the law itself seems like it’s a mile long, the applications for it are extremely practical, whether you’re a doctor, a lawyer, or a graphic artist.

If you need help with HIPAA compliance, give us a call.

Ted Wallingford is the founder of Best Technology and the author of two O’Reilly Media books about Data and Voice Networking. He can be reached at

You can find part one in this series here.


What Non-medical Businesses can Learn from HIPAA

By Ted Wallingford, CEO, Best Technology

Ted Wallingford, CEO


Most of us are familiar with the HIPAA security rule–a law governing how businesses are able to use, share, and divulge data about medical patients–because we’ve been a consumer of medical services at one point or another. So we’ve all signed that “HIPAA Compliance Statement” before seeing a doctor when we have the sniffles.

But HIPAA is more than a simple disclosure that requires a signature. In fact, HIPAA is a set of best practices that you should be paying attention to–and implementing–even if you aren’t in the medical field.

Why? Because this set of best practices is really just a fantastic way to protect all sorts of consumer data, from credit card numbers to legal correspondence to credit information.  While the data protection requirements of the law pertain specifically to medical information of a personally identifiable nature–that is, info about a specific person–those same protection requirements can be applied to sensitive non-medical data, too.

Let’s examine how HIPAA mandates can be applied in both medical and non-medical environments to reduce risk, increase compliance, and protect your organization.

To start things out, let’s talk about the dual nature of HIPAA.  The acronym actually stands for Healthcare Information Portability and Accountability Act. The two main concerns of the law are Portability and Accountability.  The Portability portion, spearheaded by Congress as far back as the sixties, is designed to ensure that  physicians and medical staffers can access patient records during the course of care, and transmit them to other physicians and staffers as needed.  This would yield higher quality care.

But, with portability comes a security risk. Electronic data systems of the 1960s were relatively primitive (hospitals were using carbon forms and didn’t have computers yet), so the risk was one that could be contained primarily with lock and key. After all, just about every medical record then was stored on paper, in a file cabinet somewhere. That all changed when computers and high-speed networks became standard in healthcare during the 70s and early 80s. The emergence of electronic patient data magnified the risk associated with portability.

In the old days, a courier or postman could transport a patient chart in a sealed envelope, and the security of that transportation was backed by either a private contract or an assumption of best practices (i.e., mailmen never open the mail they transport). But now, with electronic data transfer disrupting the industry, a new set of best practices had to be defined, to make sure that the portability of patient data didn’t occur at the expense of its privacy.

The answer was Congress’s HIPAA Security Rule–one of the most sweeping best practice documents in history, and an excellent guide for how to protect ANY kind of data by using daily, habitual practices. The Security Rule requires, among other things, that encryption be employed whenever personal medical information is stored or transmitted. The idea here is that, even if the data were to fall into the wrong hands while being transported or stored, it would be unreadable.

This is also a best practice for the rest of us, even outside the field of broken legs and whooping cough, because we need our business data to be both portable and secure.  HIPAA provides an awesome model for ensuring both.

Other industries are governed by other regulations, including Gramm-Leach, Sarbanes-Oxley, and PCI-DSS. But all have been shaped by HIPAA. The Cloud factors into HIPAA compliance, and you might be surprised to learn the truth about the security of cloud services. In a future post, we’ll talk about that.

Ted Wallingford is the founder of Best Technology and the author of two O’Reilly Media books about Data and Voice Networking. He can be reached at

Continue Reading>> What Non-Medical Businesses can Learn from HIPAA, Part 2


Andrea Witt Joins the Best Technology Team

At Best Technology, we’re always on the lookout for kindred spirits: those folks who love to help create successes each day. People who understand that our own success comes only when we aid our customers in achieving their success. People like Andrea Witt.

Andrea recently joined Best Technology as our Business Office Manager. She’s based in our service center in the Great Lakes Technology Park. Her mission is to enable our customers’ success by providing competitive, accurate equipment and software solutions while managing the daily affairs of our main office.

“I joined Best Technology because I love watching my customers succeed, and I knew that at a growing place like this, I would definitely have that opportunity,” Andrea says.

We’re excited about Andrea’s experience—which includes being a business unit manager for Verizon, HR studies in college, and a history of passionate customer service.

“While my chief concern is making sure the business runs smoothly—that really means helping our customers’ businesses to run smoothly,” Andrea explains. “It really makes me happy that I can help the team promote efficiency and growth among our awesome clients.”

It really makes us happy to have Andrea on board!


Here come the holidays, and the hackers

When the weather cools off, the snowflakes begin to appear in the air, and the retail stores are decked out in green bows, red ornaments, and silver tinsel. Big-ticket consumer purchases drive the big retailers towards profitability, and hacker stories dominate the news.

Last year, it was Kohl’s who lost millions of credit card numbers in an infamous data breach. Hackers stole the personal data of Kohl’s customers, and of Target customers too. Between November and December of 2014, about 450 million dollars worth of damage was done to the two retailers–and I was among the millions of consumers affected. You probably were as well.

The perennial barrage of hack attack news stories and subsequent replacement debit cards and credit cards serves to remind us all of something very important: digital fraud is very real, and it affects everybody.

So how can small/medium business owners and managers protect their own systems from the fraud, snooping, and impersonation hackers do? We all know the obvious stuff–like using anti-virus solutions and properly configuring an Internet firewall appliance, but how else can we take a strong posture against digital fraud?

First, if you run in-house servers, or if your company uses the Internet for any portion of its work (and what company doesn’t?), you should be utilizing a managed services solution such as Best Technology’s Sentinel.  This takes the diagnostic burden out of your server room and allows us to catch denials of service on your systems sooner than any other solution.

Second, make sure your computer users are engaged in a very strongly worded Acceptable Use Agreement. This type of employee covenant document defines what type of computer use is OK, and what kind is prohibited.  Not all employees may realize that using social networks, for instance, actually gives rise to security problems–unless you spell it out for them.  We can assist you in creating this important compliance document.

Third, choose software solutions that don’t require your employees to have any administrative rights in order to use them. Most of our clients who experience security issues and malware problems are stuck with software that won’t run correctly unless administrative rights are permitted for the software’s users.  This is a huge problem, because malware programmers and hackers can use this situation to very easily con users into executing malicious programs.  By selecting solutions that don’t require administrative rights, you can just about eliminate this type of security risk.

These are really just best practice tips–and there are more of them. Give us a call to find out how to lock down your systems and save yourself the hassle, expense, and litigation associated with a data breach.


Scott Flournoy Joins the Best Technology Team

Scott Flournoy, Business Technology Consultant


Scott Flournoy joined Best Technology as a Business Technology Consultant last month–and he’s quickly become an integral part of our problem resolution process.  Customers love to speak with him on the phone and on site while he works with other members of our team to resolve their tech problems and improve the reliability of their systems.

Scott is a graduate of the Lorain County Community College Associates’ program in Network Technology and recently worked as a network support technician at Sherwin Williams.  We’re proud to have Scott on board here at Best Technology!

Best Technology Founder Appointed to Team Lorain County Board

This summer, Ted Wallingford, founder and CEO of Best Technology, accepted an appointment to the Team Lorain County Board of Directors. Team Lorain County is a private non-profit organization whose chief mission is economic development through the retention and expansion of businesses located within the county, which lies twenty miles west of Cleveland, Ohio.

Best Technology has been headquartered in Lorain County since 2006. In his role as a board member, Wallingford will contribute to the continued economic progress of Lorain County businesses, which in turn drives the job outlook for residents of the Cleveland-west region. The nomination was submitted by North Ridgeville Mayor David Gillock.

“Best Technology was born and raised right here, so, by serving Team Lorain County, I can repay some of the benefits our company has reaped over the last ten years,” said Wallingford. “This really is a great place to do business.”

Best Technology has been headquartered in Lorain County’s Great Lakes Technology Park since 2008, when it established its central help desk and Service Center. “Lorain County really is in our DNA,” Wallingford adds. “I’m proud that we’ve been able to create and retain quality employment opportunities right here at home.”

For more information on Team Lorain County, visit