A Fresh Approach to Business Technology

A lot of buzz words come and go (remember when the Cloud was called “On Demand”?) but the need for consistent uptime and quality problem resolution is a need that never goes away.

So you want a partner that addresses that need efficiently, creatively, and with your business as the priority. That’s Best Technology in a nutshell.

Our team offers a combination of managed, cloud-based, and consulting-based I.T. solutions that can be tailored to the specific requirements of your business. The spectrum of services we offer ranges from network monitoring and administration to equipment repair and helpdesk. We’ve got all the puzzle pieces you need to complete the picture of solid I.T. in your organization.

Team-2015Find out more about our team btc011Find out more about our products and services telephoneGive us a call

We have the Cure to All Ransomware

ransom_note_cardBy now, you’ve certainly heard of Cryptolocker. And Cryptowall. And CTB-Locker. And probably Teslacrypt. Hopefully, you’ve not fallen victim to these awful ransomware variants. They’re nasty, malicious software designed to extort money from your business. Ransomware are computer programs that infect your computers, execute code to encrypt your files, rendering them unusable, then demand a money ransom in exchange for the decryption service.

Typically, the extorted money is paid to the attacker using a Bitcoin exchange. Bitcoin is a digital currency that is anonymous, protecting the attacker and placing the victim entirely at their mercy.

Symantec-ransomware-image

Newer crypto variants will even impersonate the FBI and attempt to blackmail the victimized user.

New variants of the original Cryptolocker just seem to keep showing up, and small businesses spend thousands, sometimes tens of thousands, recovering from the damage they wreak. A ransomware like Cryptolocker is the digital equivalent of a tornado–except the bad guys have the power to control the weather.

What’s worse, the newest ransomware variants spread very quickly, usually through e-mail and the web, so quickly that anti-malware programs don’t always have the measures needed to recognize them when they first hit the Net.

By some estimates, ransoms are earning the criminal programmers as much as 25 million dollars every month.  But your business doesn’t need to be a victim of these destructive agents.  In fact, we can show you how to galvanize your business against threats like Cryptolocker and its nasty cousins. The key to beating these guys is good old fashioned best practices: Those who operate their networks and computer systems according to best practices simply don’t have to contend with ransomware.

That’s right. It’s not about anti-virus software. It’s not about firewalls.  It’s not even about backup cartridges or shadow copies. If you don’t have a policy of best practices in place, these tools will be useless. The cure to all ransomware is prevention–specifically, prevention through best practices.

So what are best practices on a small/medium business network? Let’s quickly go over my three favorites:

The original CryptoLocker malware offered a wizard to step users through paying the ransom.

The original CryptoLocker malware offered a wizard to step users through paying the ransom.

1. Don’t allow network users to run as local administrators.  Granting a rank-and-file network user privileged access to their computer system (that is, making them an administrator on it) might give them more freedom and self-reliance, but if you don’t trust their judgment, it also leaves a gaping security hole that ransomware might will take advantage of. This is the golden rule of ransomware preparedness: Don’t give local admin access (or network admin access!!) to any users on your system.

2. Don’t grant overly-permissive file access.  Once a ransomware attack is underway, the ransomware will be impersonating the user who hatched it (that is, granted it the ability to run, whether intentionally or by being duped by one of those phony FedEx notification emails).  That means, it will have the same permissions on the local computer and on the network as that particular user. So if that user has permission to a lot of file stores, so does the malware.  Files stored on cloud services like OneDrive can even be damaged, if the user has been granted access to them.  Minimize file access and compartmentalize file structures by isolating permissions to the fewest users possible–that’s the best practice.

3. Don’t permit the use of stupid passwords on your network. Many malwares will attempt to penetrate your system by taking advantage of accounts with easy-to-guess passwords. These might be passwords based on a dictionary word, or simple variants of the user’s login name. In order to be resilient against malware, passwords must be complex, long, and not based on real-language words.

These three bits of best practice advice are a good start if you’re trying to correct your business’s lazy posture regarding malware–but they just represent the tip of the iceberg.  An organization who executes network/computing best practices from top to bottom and from bow to stern will never suffer from the devastation of crypto-ransomware.

Best Technology can help you with best practices right now, so give us a call.

 

What Non-medical Businesses can Learn from HIPAA

By Ted Wallingford, CEO, Best Technology

Ted Wallingford, CEO

Ted Wallingford, CEO

Most of us are familiar with the HIPAA security rule–a law governing how businesses are able to use, share, and divulge data about medical patients–because we’ve been a consumer of medical services at one point or another. So we’ve all signed that “HIPAA Compliance Statement” before seeing a doctor when we have the sniffles.

But HIPAA is more than a simple disclosure that requires a signature. In fact, HIPAA is a set of best practices that you should be paying attention to–and implementing–even if you aren’t in the medical field.

Why? Because this set of best practices is really just a fantastic way to protect all sorts of consumer data, from credit card numbers to legal correspondence to credit information.  While the data protection requirements of the law pertain specifically to medical information of a personally identifiable nature–that is, info about a specific person–those same protection requirements can be applied to sensitive non-medical data, too.

Let’s examine how HIPAA mandates can be applied in both medical and non-medical environments to reduce risk, increase compliance, and protect your organization.

To start things out, let’s talk about the dual nature of HIPAA.  The acronym actually stands for Healthcare Information Portability and Accountability Act. The two main concerns of the law are Portability and Accountability.  The Portability portion, spearheaded by Congress as far back as the sixties, is designed to ensure that  physicians and medical staffers can access patient records during the course of care, and transmit them to other physicians and staffers as needed.  This would yield higher quality care.

But, with portability comes a security risk. Electronic data systems of the 1960′s were relatively primitive (hospitals were using carbon forms and didn’t have computers yet), so the risk was one that could be contained primarily with lock and key. After all, just about every medical record then was stored on paper, in a file cabinet somewhere.  That all changed when computers and high-speed networks became standard in healthcare during the 70′s and early 80′s.  The emergence of electronic patient data magnified the risk associated with portability.

In the old days, a courier or postman could transport a patient chart in a sealed envelope, and the security of that transportation was backed by either a private contract or an assumption of best practices (ie. mailmen never open the mail they transport). But now, with electronic data transfer disrupting the industry, a new set of best practices had to be defined, to make sure that the portability of patient data didn’t occur at the expense of its privacy.

The answer was Congress’s HIPAA Security Rule–one of the most sweeping best practice documents in history, and an excellent guide for how to protect ANY kind of data by using daily, habitual practices.  The Security Rule requires, among other things, that encryption to be employed whenever personal medical information is stored or transmitted.  The idea here is that, even if the data were to fall into the wrong hands while being transported or stored, it would be unreadable.

This is also a best practice for the rest of us, even outside the field of broken legs and whooping cough, because we need our business data to be both portable and secure.  HIPAA provides an awesome model for ensuring both.

Other industries are governed by other regulations, including Gramm-Leech, Sarbanes-Oxley, and PCI-DSS. But all have been shaped by HIPAA.  The Cloud factors into HIPAA compliance, and you might be surprised to learn the truth about the security of cloud services. In a future post, we’ll talk about that.

Ted Wallingford is the founder of Best Technology and the author of two O’Reilly Media books about Data and Voice Networking. He can be reached at ted@btstrategy.com.

Continue Reading>> What Non-Medical Businesses can Learn from HIPAA, Part 2

 

Is everything really going to the Cloud? Advice for business owners.

“Everything’s going to the cloud,” some say.  And others add, “It’s only a matter of time before everything’s in the cloud.”

But what does that mean exactly? Most business owners still don’t know what the cloud is and how it might affect their business.  I’ve personally spent a lot of time over the last three years gaining an understanding of just what the cloud means to Best Technology–but before I get ahead of myself, let’s make sure we both understand what the cloud is.

The cloud, from the standpoint of a small/medium business owner, manager, or I.T. director, is the term used to describe giving a third-party service provider the responsibility for some technology function of your business. The service provider uses the Internet to deliver access to this function to the users of that function.  An easy way to remember this definition is:

Third-party + Delivered by Internet = Cloud.

Perhaps the function being delivered is e-mail, data backup, or file-sharing.  Perhaps it’s mobile phone usage tracking or fleet management.  Maybe it’s financial record-keeping or billing. It could be medical charting or dispatching for a plumbing business.

Sure, the cloud is capable of many things, and the prospect of moving some of your technology functions into the cloud may seem overwhelming, and confusing. But there are only two questions you need to ask in order  to determine if a move is appropriate:

- Will the cloud save my business money in the long-term?
- Will the cloud make my business more efficient?

Some cloud services provide a near-immediate return on investment (file-sharing and Hosted Exchange, for instance), while others may be purely long-term propositions–like cloud-based backup & recovery services.

Then there’s the question of efficiency. Since cloud services are tied to the speed of your Internet connection (and not your local network speed like traditional in-house applications), they can be subject to slower performance.  Just how slow? Well, that depends on the nature of the function you’re moving into the cloud.

Take file sharing as an example. If you share relatively small Excel spreadsheets (say a few hundred kilobytes each), you aren’t likely to perceive any slowness when opening them and saving your changes to them.  However, if you share large files, like high-resolution photographs, CAD drawings, and big databases, then you will probably notice that opening and saving them is very slow indeed–a real productivity killer.

This is especially true in areas where access to the Internet is relatively slow.  The faster your Internet connection, the more pep your cloud services will convey.

When considering outsourcing a technology function into the cloud, I would suggest that you consult with somebody who has done it before, and somebody who has done it a lot.  The cloud isn’t always a foregone conclusion, and you need to decide which pieces of your business’s technology can be reliably moved.  Will they be cheaper in the cloud? Will they be efficient?

Best Technology can assist you in answering these questions. Give us a call.

Best Technology’s I.T. team helps launch new factory in Rockford, Illinois

There were many decisions to make when a medium-sized screw machine manufacturing firm in Elyria, Ohio, who manufacturers steel parts for companies around the globe, decided to expand its operations. Where would a new plant be located? How many machines would it need to house? How many employees would it have, and on how many shifts?

What kind of networking capabilities would be required? How costly would it be to support computer systems at the new site? How fast would the network connections at the new site need to be?

Working with this firm’s manager of information technology, Best Technology developed a thin-client solution that allowed for deployment of ten workstations at the new site in a three-day period, including complete virtualization and backup. By leveraging a combination of solutions produced by Microsoft, Dell, and Wyse, Best Technology engineers Ted Wallingford, Buck Trnavsky, and Jeff Anderson were able to create a highly-manageable, high-speed virtual computing solution for the firm.

The advantages of the thin-client/virtualized approach are:

  • The manager of I.T. doesn’t need to worry about application with compatibility or a trojan taking down his terminal servers, because there are no terminal servers.
  • Immediate restore to default configuration is possible and easy on all workstations using VM snapshots.
  • Compatibility with accessory hardware like freight scales and punch clocks was enabled using Wyse thin client driver software.
  • The entire environment can be managed from Elyria, where the main office is located.
  • Because the virtual workstations run Windows 7 Professional, the end-user experience is the same as a more expensive (and less energy efficient) PC workstation.

Talk to Best Technology about your next expansion project–virtualization can save you time, money, and headaches.

cnc

The I.T. Team with the Right Tools for Your Business

Team-2015At Best Technology, our team’s main focus is the success of your business. From desk side software assistance to remote support and server monitoring, everything we do is geared around keeping your important systems up and running–so you and your business can succeed.

To accomplish this, we hire the best, maintain a very high baseline of industry-recognized certifications, and strive to find team members that are difference-makers. We want all of our teammates to bring the intangibles–professionalism, courtesy, and efficiency–to the service we provide for your organization.

Find out more about our team here, or contact us.

MPW Construction stays ahead of the competition with Best Technology

backhoe-pic-2

MPW Construction Services was founded in 1976, starting life as a basement pouring contractor, then known as Modern Poured Walls Inc.

During the eighties and in the periods that followed, MPW added excavating services, concrete flatwork, waterproofing, and commercial construction. In 2005, the firm grew to 220 employees and became a premier provider of several turnkey construction solutions.

Some time back in 2000, MPW was at a crossroads. Growth had propelled the company into the information age, and its need to utilize more advanced automation systems—like scheduling applications—became clear. To remain competitive, like many at the time, MPW gave the duties of providing I.T. support to an employee who had experience with CAD drawings.

This approach seemed sufficient until 2006, when the housing economy took a nose dive. As MPW’s founder and leader, Scott Smith says, “The economy hit hard and we had to make some serious cuts. But we still needed to maintain our I.T. support in a cost-efficient way, which is where Best Technology came in.”

Best Technology began consulting with MPW in late 2009, first by transitioning the current systems and policies of the company. This initial transition process consisted of analyzing MPW’s I.T. practices in order to determine how much work would be required to optimize utilization of best practices. This first step is typical with new clients of Best Technology. Going from “the way we’ve always done I.T.” to “the way the industry says is best” is a critical step in the long-term success of each client’s I.T. asset base.

In MPW’s case, the first several months of the relationship involved a lot of discovery and documentation—tasks that would be critical to the relationships months and years later. “In my role as CEO,” Smith says, “I need people who think strategically and that can be proactive in finding and resolving I.T. issues.” Best Technology’s first responsibility is to fill that role—to provide a virtual I.T. Manager without incurring an expense that’s anywhere close to an I.T. Manager’s salary.

Once a client relationship is established and best practices are in place, Best Technology utilizes a combination of automated monitoring, maintenance, helpdesk support, and in-person consulting. “Best Technology tries harder than anyone I know in the field. Their dependability through stressful situations has been appreciated, and they have even been available to us after hours and on weekends,” Smith explains.

The improvements brought by the relationship with Best Technology have positively affected both the expenses and efficiencies of MPW’s I.T. operation. Smith says he has seen an improvement in overall downtime, while his direct costs have decreased. But the real gain for MPW has been the avoidance of opportunity costs because MPW’s critical systems have become more reliable and less prone to unanticipated problems.

“Before,” Smith continues, “we were not getting what we wanted from our I.T.” But today, without an increase in direct expenses, Smith says, “we are getting what we want and need.”

Specifically, Best Technology is enforcing a regular maintenance schedule to prevent downtime, running 24×7 monitoring of MPW’s systems to decrease issue-resolution time, and providing MPW access to a consulting staff much deeper than just one person.

“The best thing about this arrangement,” says Ted Wallingford, CEO of Best Technology, “is that customers the size of MPW now have access to a deep I.T. staff with experts in every category: software, servers, networking, telecommunications, repair service, quality control, equipment acquisition, disposal, and strategy. Now they have all that, along with a full-service helpdesk like the kind you see in much larger firms.”

Best Technology’s hope is that, because of our customer partnership with MPW Construction Services, they are prepared for growth through best practices. Whether those practices apply to security, compliance, business continuity, or expense prevention, Best Technology is there to lead the way. “Best always figures out the problem,” Smith concludes.