Contact Us Today!   314.394.3001   |   info@andersontech.com
malware - ecommerce times

Quotables: Windows 7 End of Life (E-Commerce Times)

/in , , /by

Mark Anderson’s expert advice is featured in E-Commerce Times, providing context for the upcoming Windows 7 End of Life date.

The most visible threat to an unpatched OS is ransomware planted on your computer or network in an effort to extort money for returning your data. If you’re an etailer or other electronic business, losing your customer list, vendor information, and invaluable store data could leave you out of business for days, weeks or permanently.

Paying the ransom doesn’t ensure all the data will return or that you can return to normal operations in time to mitigate the costs. If you don’t have recent, secure backups that didn’t get compromised, your recovery options are severely limited.

Read the full article on the E-Commerce Times website:

https://www.ecommercetimes.com/story/86366.html

Are you in need of expert IT consulting?  Anderson Technologies is a St. Louis IT consulting firm that specializes in system administration for small businesses.  Let us help you today!  Give us a call at 314.394.3001 or email us at info@andersontech.com.

What are Quotables?  This is a category in our posts to highlight any professional publications that benefit from our expert IT consulting advice and quote us in articles for their readers. 

driverless car

AI: Should We Fear the Demon? (Not Yet)

/in /by

The world of Artificial Intelligence (AI) may not have a more well-known figure than Elon Musk, entrepreneurial head of Tesla and SpaceX. In a 2014 interview, Musk stated: “With artificial intelligence we are summoning the demon. In all those stories where there’s the guy with the pentagram and the holy water, it’s like yeah, he’s sure he can control the demon. Didn’t work out.”

While Musk’s concerns haven’t been proven completely unfounded, AI today functions strictly within the realm it is programmed for. Becoming a “demon” with expanding abilities and intelligence out of our control is currently beyond its limited capacity. Even AI that is designed to “learn” only learns within the confines of what it has been specifically programmed for, and as driverless cars show us, learning and doing are two different things.

Driverless Limitation

One of the most glaring examples of AI’s current limitations is in the rise in autonomous vehicles. General Motors, Uber, Waymo, and Tesla’s Autopilot are only a few in the race to true self-driving cars. Driverless car software utilizes machine learning, and the software is far from perfect.

Recognizing a bicycle and then anticipating which way it’s going to go is just too complicated to boil down to a series of instructions. Instead, programmers use machine learning to train their software. They might show it thousands of photographs of different bikes, from various angles and in many contexts. They might also show it some motorcycles or unicycles, so it learns the difference. Over time, the machine works out its own rules for interpreting what it sees. – Zachary Mider, Bloomberg

But as much as a computer learns about what potential hazards might look and act like, computers still have no grasp of three basic concepts: time, space, and causality. This approach, while it does keep a self-driving car from becoming KITT or Herbie, also keeps self-driving cars from being truly 100% error free. Unlike human drivers, cars will never be able to fully understand consequences or anticipate randomized behavior that may be apparent from factors these cars haven’t been programmed to recognize.

And what about scenarios that self-driving cars aren’t being trained for? In October 2019, testing by AAA indicated that dummy pedestrians crossing the road were hit 60 percent of the time, even in daylight and at low speeds. Such obvious limitations should, and do, give users pause.

While self-driving technology may be improving in some ways, seven in ten Americans still have no interest in using—or even sharing the road with—driverless cars. Driver-assist technology, on the other hand, is far more popular. Human input and supervision, it seems, still offer something that machine learning cannot replicate. Driver-assist technology allows users to benefit from the areas where AI has excelled, such as alerting drivers when they veer from the center of a lane or back up too close to an obstacle, but humans still stay in control to make split-second decisions on the road.

Functioning in Limited Capacities

While driverless car technology dominates headlines, AI is being used successfully in more limited capacities. Where machine learning does excel is in analyzing data sets far too large for human processing.

Using publicly available data and AI, university student Anne Dattilo discovered two exoplanets. Footage from Kepler space telescope tracked “100,000 stars in its field of view.” Dattilo’s modified AI was programmed to identify and flag stars that, due to light fluctuations, appeared to have planets. Dattilo and human colleagues confirmed the findings.

Elsewhere, scientists are using AI to sift through audio recordings for the sounds of elephants in the rainforests. This data is then used to count the animals, helping to provide a more accurate picture of population and poaching rates.

These highly focused uses of AI have proven successful in accomplishing what humans alone could not. Success in the science field, however, doesn’t seem to translate to highways or a grander intelligence.

A Constrained Approach

Some researchers hold the belief that machine learning and AI as it exists now simply may not hold the keys to the change promised by innovators and fiction writers, and the ways AI has been used so far seem to support this.

According to skeptics like [Gary] Marcus, [professor of cognitive psychology at NYU,] deep learning is greedy, brittle, opaque, and shallow. The systems are greedy because they demand huge sets of training data. Brittle because when a neural net is given a “transfer test”—confronted with scenarios that differ from the examples used in training—it cannot contextualize the situation and frequently breaks. They are opaque because, unlike traditional programs with their formal, debuggable code, the parameters of neural networks can only be interpreted in terms of their weights within a mathematical geography. Consequently, they are black boxes, whose outputs cannot be explained, raising doubts about their reliability and biases. Finally, they are shallow because they are programmed with little innate knowledge and possess no common sense about the world or human psychology. – Jason Pontin, Wired

While AI may provide some incredible shortcuts in daily life and populate wells of information, these limitations mean that fears of an all-powerful, all-knowing “demon” remain far from tangible. The need for oversight and limits in AI is no joke, and Elon Musk may yet prove to be a technological prophet of sorts. But the truth is, we have no reason to fear our robot overlords today.

 

Are you interested in the ways AI can enhance your life and business? Are IoT devices creating gaps in your carefully maintained cyber security? Contact Anderson Technologies today for enlightened solutions to all your technological troubles. We can be reached by phone at 314-394-3001 or email at info@andersontech.com.

Downtime Lifeline: One Law Firm’s Battle with Outdated Tech

/in , , /by

When companies, non-profits, or entire city governments find themselves victims of cyber crime, it can feel like they’re frozen as the world moves on around them. This feeling, to a lesser degree, might also come as you’re sitting in front of your office computer every morning, twiddling your thumbs waiting for it to boot up so you can finally start your work day.

Ransomware looms as one of the biggest business tech threats of 2019. Organizations of all sizes are finding themselves in the cross-hairs of cyber crime actors who seek high payouts from insurance agencies and panicked data hostages. Why are some companies so quick to pay off the ransom?

Too often it’s the fear of downtime, or money lost while hackers obstruct you from your data and your business’s day-to-day operations. However, while ransomware dominates the tech industry news, a much more common and avoidable cause of downtime significantly affects organizations without raising alarms—outdated technology. A minute lost every time you try to access a file or launch your internet browser adds up quickly over the course of days and weeks. These wasted (and often-unnoticed) minutes can mean thousands in lost revenue for your company.

Let’s explore the real-life implications of business downtime due to hardware and software that has long been ready to be replaced. Luke Bragg, Lead System Administrator at Anderson Technologies, witnessed this firsthand.

Efficient Until Obsolete

A St. Louis business law firm reached out to Anderson Technologies in 2018 for help. Their old server was dying. It hadn’t been patched or updated in over a year, leaving it vulnerable to ransomware and other cyber attacks.

“Security was a major concern,” Bragg says. Slow speeds and cyber vulnerabilities were starting to impact the firm’s daily operations. Days after contacting us for help, the firm’s aging server experienced a catastrophic system failure and died altogether: “The server completely failed, and we had to keep them functional on emergency hardware while we put a new server in place.” Thankfully, the failure wasn’t caused by ransomware or another cyber attack, but the law firm felt how close they came to experiencing futile downtime.

Read more about the effects of downtime on a business here!

Downtime can be detrimental to any business, but some may feel the effects more strongly than others. Law firms constantly collaborate with other businesses and clients, as well as government organizations and the judicial system. Timing can be what makes or breaks a potential account. “Every business is different in how much downtime they can tolerate,” Bragg explains.

“This is a law firm, so their workflow is very critical with very little room for outages.”

Tell Old Tech to R.I.P. (Replace Itself Promptly)

The crashed server was a wake-up call, and acted as a jumping-off point for replacing more of the firm’s outdated hardware. Their workstations and wireless network benefited from a sprucing up as well.

Aside from the obvious security breaches, law firms and all kinds of other organizations suffer from negative effects of downtime due to antiquated tech. Employee productivity suffers when hardware is sluggish or undependable. Similarly, websites that aren’t mobile-optimized or user-friendly could turn away potential clients and impact your company’s digital presence.

Law firms especially run ethical risks when using outdated technology. “Technological competence” is a modern addition to the American Bar Association’s Model Rule 1.1. The last thing a law firm wants is a law suit because negligent treatment of the devices they use every day caused harm to a client. A big part of the work Anderson Technologies did for this law firm involved maintaining uptime and strengthening security during the hardware upgrade.

“Law firms tend to have constant workflows that are time sensitive,” Bragg says. “The key to success is being extremely detailed and properly communicating every step with the client so that scheduled downtime for things like network upgrades or system replacements is properly planned and the client’s expectations are factored into the equation.”

Anderson Technologies is now focused on replacing the firm’s outdated Windows 7 machines before the January 14, 2020, end of life deadline. “No other major projects are on the horizon at this point,” Bragg says, and the firm can rest easy knowing their new server is secure.

Businesses in need of a top-notch attorney wouldn’t wait until the last minute to seek out critical legal advice.  Similarly, this St. Louis law firm discovered the value of employing knowledgeable and proactive IT experts well before the threat of downtime surfaced.

 

You don’t want to find yourself drowning in downtime because of outdated technology equipment. To find out if your business could use a tune up, contact Anderson Technologies today.

5 Fraud Trends and How to Beat Them: Top Tips to Implement for Cyber Security Awareness Month

/in , , /by

Every October, Cyber Security Awareness Month is a time to learn, assess, and make changes to protect yourself and your business from the latest, most sophisticated dangers. Beyond damages to reputation and production, monetary costs from cyber crime add up in the billions of dollars.

Stay safe and aware this October. Here are five fraud trends that you’ll want to know:

Fabrication

Synthetic identity fraud is a cyber crime long game. First, a hacker procures a social security number by theft or purchase on the Dark Web, and then fabricates an associated name, DOB, email account, or phone number. From there, the fake identity is legitimized and nurtured.

Once a fraudster is able to become an authorized user for lines of credit, a process that typically takes 5 months, the “bust-out” is ready to be executed. This leaves creditors and businesses with dummy accounts filled with credit card maximums, loans, and cell phone/utility plans.

Ransomware

Ransomware can send chills down the spine of any business owner, and for good reason.

Two cities in Florida were forced to pay over a million dollars in aggregate bitcoin ransom after losing access to phone and email systems for multiple weeks. A quick glance at data breach headlines on any given week will reveal SMB attacks as well. Ultimately, ransomware boils down to economics, and it will require a concerted effort by organizations to shift the paradigm, refuse to pay criminals, and protect data before attacks.

Business Email Compromise (BEC)

A sophisticated scam, BEC targets anyone who regularly processes requests for electronic fund transfers. The scammer compromises an email account through phishing or intrusion tactics and requests that transfers of funds or personal information such as W2 forms be sent immediately.

Because the request comes from a familiar face, and may even be routine, this scam is highly effective—and very expensive. As of July 2019, total dollar loss has exceeded $26 billion.

Account Takeover (ATO)

The commoditization of crimeware and “spray-and-pray” techniques have led to a higher frequency in breaches, many of which are executed by non-sophisticated hackers. Solving ATO fraud at the small and medium business level in today’s world requires purpose-driven teams and technologies that can protect your business in a smarter, more efficient way.

Dark Web

Security researchers estimate that in the first half of this year alone, over 23 million credit and debit card details were being sold in underground forums. What’s worse, nearly two out of every three originated in the United States (64%), followed by the UK (7%) and India (4%). Once such data dumps hit the Dark Web, cyber criminals will exchange stolen information and credentials in order to orchestrate damaging fraud schemes.

Now that you know some of the trends in cyber crime, here are several helpful solutions.

Guard yourself and your business against these threats. Here are our Top 12 Cyber Security Tips:

  1. Involve all stakeholders in raising cyber security awareness across your organization.
  2. Backup key data regularly and perform scheduled test restores to ensure their integrity.
  3. Enable multi-factor authentication company-wide and establish and enforce an appropriate password policy for all users.
  4. Install enterprise-grade anti-malware and spam-filtering solutions with anti-phishing capabilities across your network.
  5. Leverage internet content filtering to block phishy websites.
  6. Prepare for cryptojacking attacks.
  7. Purchase SMB security suites that include Dark Web monitoring.
  8. Assess your organization’s cyber security policies and procedures and review annually.
  9. Ensure that all third-party partners have cyber security protocols and policies in place.
  10. Build a cyber security incident response plan and democratize key information.
  11. Bind an appropriate level of cyber security insurance to cover your company in case of a breach
  12. Partner up with expert managed IT services providers to train your employees and implement the above.

Awareness and action go hand in hand. This Cyber Security Awareness Month, contact Anderson Technologies to protect your business from the newest threats, and enhance business functions every day.

AI: The Danger of IoT Data Collection

/in , /by

Smart cars. Smart lights. Smart shoes… Smart… water bottle?

The smart phenomenon that is the backbone of the Internet of Things (IoT) may be reaching coming-of-age.

In our previous introduction to artificial intelligence (AI), we discussed how machine learning has impacted the worlds of cyber security and research by processing millions of times the information a human worker can analyze in the same amount of time, detecting patterns and producing solutions.

How are these patterns detected? Patterns are determined by analyzing populated data sets. When it comes to consumers, where does that data come from?

The answer is smart speakers, smart thermostats, smart cars, smart lights, smart shoes, and yes, even smart water bottles.

These devices might make life a little easier, but they also collect data.

Similar to the practice of collecting data in exchange for free services (like social networking sites Facebook and Twitter), IoT devices provide a service to the user but also provides a glut of information for the developers. Developers state that this information is a tool for them to hone smart services, enhancing the users’ experience. It also happens to be true that the data collected by services and smart devices is worth a lot of money.

That isn’t to say that every single IoT device, or even every device referenced in this post, a) collects data, b) stores that data, c) stores that data in a way that connects it to a user’s identity, or d) monetizes or sells that data.

The real danger of IoT data collection frequently comes from users not being informed about what their smart devices are truly capable of.

Data for Dollars

The intersection of AI and IoT means that the massive amount of data collected on users is processed and patterns extrapolated. Those patterns amount to near-endless insights about identity, family, routine, device usage, shopping practices, purchase history, and search history.

Some makers of smart televisions use this information internally, providing users with tools and advertisements that are deemed beneficial and that they are more likely to be interested in. However, some sell that data to third parties. Facebook is now infamous for the internal and external monetization of user data. Companies like Cambridge Analytica sold processed data on the promise of hyper-targeted advertising possibilities and detailed demographic, and advertising susceptibility, breakdowns.

Are you planning an IoT purchase for your business? Anderson Technologies provides hardware and software consulting!

Data collected and the patterns gleaned from it are incredibly valuable to marketers . . . and cyber criminals.

And that doesn’t even cover the personal data lost in IoT breaches.

From smart homes to smart speakers to fitness trackers, security breaches of IoT devices have been in the news since smart technology began developing. Recent findings suggest that IoT devices are more susceptible to breaches than other technological devices. The 2019 Study on Third Party IoT Risk by the Ponemon Institute found that at least 18% of respondents experienced a data breach caused by IoT devices being unsecured.

For higher-value targets, unsecured IoT devices often act as an entry point into an otherwise secure internal network, and even if the network isn’t breached, IoT devices are often used by hackers to conduct Denial of Service attacks.

Are Data Collecting Devices Inherently Dangerous?

The fact is that there is a risk to almost any action. One of the hardest parts of being a digital citizen is staying aware of and educated about the tradeoffs you are making with your data.

Most smart devices or websites provide a service that is useful to the user. Whether the purpose of a device is information, connection, or convenience, the Internet of Things aims to streamline digital and physical life, which can be very attractive.

Insecure data and sale of personal information doesn’t have to be the norm. Many companies currently ensure that data collection is anonymized, keeping searches and voice commands tied to an algorithm rather than your name and face. In August 2019, the National Institute of Standards and Technology released their guide for cyber security recommendations for these devices, and with increasing public awareness of security flaws, the industry as a whole may be moving towards a more secure model.

For many, even the risks or sale of their data is worth the benefit of the smart device.

Despite news stories on privacy, breaches, and sale of data appearing daily, it doesn’t appear that the Internet of Things is going away.

Tips to Keep Your IoT Devices Safe

  • Fully research new IoT devices you plan to introduce to your digital ecosystem. Know the type and amount of data collected, how it is stored, and the history of the company building the device. Weigh potential risks against potential benefits.
  • Turn off tracking and reporting when you can.
  • Use Multi-Factor Authentication (MFA) to ensure that the only person accessing your account is you.
  • Protect your business and home networks with hardware firewalls and don’t use your IoT devices on unsecured WiFi.

 

Are Internet of Things devices a net positive for your business? Contact Anderson Technologies today for help using smart tools in a smart – and secure – way.

AI: Are We Planting the Seeds of the Robot Uprising?

/in , /by

Computer technology moves at a blazing pace. Blink once and the world of tech steps forward a light year. Blink twice and suddenly what was once cutting edge is now commonplace. No day is the same in the tech world as the standards, methods, and products constantly change and improve.

We’ve written previously about how valuable human data is to the tech industry. Whenever you spend time on your internet-connected devices, virtual scouts track and collect your data to build human profiles. This data provides a wealth of information to companies, data brokers, and even potential cyber criminals, which is one of the reasons it’s so important to stay on top of the latest tech threats.

Artificial intelligence (AI) is a tech-industry term that’s been thrown around more and more when discussing cyber security—especially by industry innovators like Elon Musk. Depending on who you talk to, this futuristic-sounding technology is either the solution to every problem or the biggest threat to you and your business’s digital well-being. The best response to emerging technologies like AI is education, so let’s explore this concept and empower you to decide what to implement in your corporate and personal lives.

What Is AI, Anyway?

Artificial intelligence, also referred to as machine intelligence or machine learning, is a branch of computer science that pushes technology to learn and solve problems from sets of data. It’s a big part of what makes “smart” technology so smart. Systems that use AI analyze data patterns to develop algorithms that make programs work more efficiently. This “intelligence” mimics the human brain’s ability to learn and apply information to new problems.

These algorithms power the technology we use every day: inbox filters, social media feeds, predictive text, online shopping recommendations, and virtual assistants like Alexa and Siri. If you’ve used Google Home or iMessage today, you’ve already experienced AI technology. For example, iMessage’s predictive text algorithm analyzes the patterns in your text messages and uses it to suggest words and phrases as you type.

Artificial intelligence has so many different uses, and its breadth allows more than just the information technology field to benefit. Manufacturing companies, financial analysts, and even biologists use AI to process data and identify trends that would take human minds years of constant dissection to solve.

Is AI Dangerous?

AI has gained a bit of a negative reputation from sci-fi books and movies, often portrayed as a menacing force of infinite knowledge that aims to dominate humanity. Projects like Sophia the AI robot give a pretty face to this mimicry of human intelligence. However, these real and fictional depictions are far from the most common ways AI is applied. Real-life AI technology is, for the most part, innocuous without human motives behind it.

Pop culture has fun anthromorphizing AI, but in reality, AI machines are limited to the data sets they’re built to address.

Credible concerns about AI are rooted in its human weaknesses. The goal of AI research and development is to mimic human reasoning so problems can be solved faster than humans could physically achieve. Like any technology, AI requires real people to design, program, and evaluate it.

Self-driving cars have been in the news for the last few years, and despite several pedestrian and driver fatalities AI research preserves the dream of autonomous transportation. Imagery algorithms for drone technology and surveillance software (like the facial recognition you might use to unlock your phone every day) power these autonomous processes that read and react to data sets. But even with a human driver in the front seat, self-driving cars can’t realistically predict events they haven’t been programmed to respond to.

Imagery technology tends to make people apprehensive about their privacy as well as their safety on the roads. Beyond scanning your tagged Facebook photos or unlocking your iPhone, facial recognition software has the potential to elicit a global response. Government and immigration agencies are already using AI technology to implement policies, regardless of negative implications on citizens’ privacy. And the phenomenon of “deep fakes” has revealed a latent anxiety about taking online content of world leaders at face value. Regulation is still underway for most kinds of AI, leaving researchers and corporate funding to run rampant with a technology that’s growing faster than protective agencies can keep up with.

AI systems are susceptible to human biases, even if we don’t deliberately program them that way. Without actual human reasoning, perfect AI function takes a lot of trial and error. This is why spam email sometimes ends up in your inbox while an account verification email gets sent to the junk folder. AI needs constant human refinement. Pop culture has fun anthromorphizing AI, but in reality, AI machines are limited to the data sets they’re built to address.

What Should I Know About AI Technology?

As AI technology continues to develop, it provides exciting opportunities to strengthen cyber security. Managed service providers like Anderson Technologies integrate new AI-powered software into existing practices. AI technology can chew through mountains of seemingly unrelated data and uncover previously hidden relationships and patterns, allowing MSPs to  bring to bear more robust solutions for their clients. For example, to address a universal threat vector, adding an intelligent email-filtering software like Proofpoint serves as a very strong first layer of defense against malicious emails.

Read more about cyber security!

As a business owner, it’s wise to stay on top of upcoming technologies, whether or not you decide to implement them in your daily work. AI enables more powerful systems—but the same applies to cyber criminals. Intelligent machines can learn which users and programs are susceptible to certain threats, and they’re also very skilled when working with patchy data sets. A human hacker might overlook patterns that an AI-powered program is designed to seek out and exploit.

Machines have strengths in areas where humans are weak, and vice versa. As AI continues to trickle into more of our everyday experience, concerns about privacy and regulation become more tangible. While AI itself has no virtue signal, the people directing it prove it has frightening potential. But, just like jokes from Sophia the robot, with cautious exploration AI seems set to do more good than harm.

 

Do you have questions about the application of AI for your business? Contact Anderson Technologies today and stay tuned for more articles discussing the emerging technology of artificial intelligence.

Don’t Wait for Your IT Infrastructure to Break Down

/in , , /by

5 Benefits of an Annual Network Tune-up!

The importance of performing a network security audit can’t be overstated, but don’t be fooled into thinking network security is a one-time event. Just like you need to bring your car to a mechanic for a tune up, a yearly network security audit keeps your infrastructure running smoothly and allows your managed services provider (MSP) a chance to look at what’s going on beneath the hood. Better to keep everything running smoothly so problems can’t lurk unseen.

What is a Network Security Audit?

An initial network security audit provides a baseline for the status of your IT infrastructure, what is doing well, where the holes are, and allows you to get in front of any issues that could compromise your systems. Forgetting to fix a known vulnerability could cost you time and money if cyber criminals find and exploit it.

What exactly does a network security audit do? When performed by a professional IT firm, physical processes combine with state-of-the-art software solutions to assess the quality and security of your network. This means reviewing not only your IT systems for digital vulnerabilities but also walking through your physical work space to make sure hardware isn’t set up in a way that would decrease efficiency or be hazardous (such as plugging a space heater into the same surge protector as a computer).

A thorough network security audit should include a review of your business’s

  • firewall,
  • anti-virus and anti-malware software,
  • web and electronic communication filtering,
  • Active Directory environment,
  • password policies,
  • backups and disaster recovery policies,
  • and include an in-person assessment.

Five Benefits of an Annual Network Security Audit

As important as the initial security audit is, performing regular audits each year provides you with additional insights that can keep you moving forward in a secure and productive manner. Below are the top five benefits of performing an annual security audit.

  1. Assess how well you’ve addressed last year’s problems.

A network security audit is useless unless the issues it reveals are addressed. By performing an annual audit, you can compare where you were the year before with where you are now to see what systems improved and what still requires attention.

Have all your planned policies and IT practices been implemented? Did the fixes you put in place successfully mitigate the previous year’s problems? An annual security audit serves as benchmark to the condition and maintenance of your business’s IT environment.

  1. Review your security vulnerability analysis with your MSP or IT department.

As part of a thorough audit, your MSP or IT department should use specialized software to probe all the nooks and crannies of your network to search for vulnerabilities. But simply performing the audit isn’t enough. An annual review of your network security audit with your MSP or IT staff allows you to go over the security vulnerability scans each year and look at any reoccurring failures. By discussing the results together, you can work to find the underlying reason for any trends you find. Sometimes the problem revealed is actually a symptom of a much larger issue.

  1. Prioritize your technology needs for the next year.

IT security and maintenance can be expensive, especially when technology changes happen outside of your control, such as Windows 7 reaching end-of-life on January 14, 2020. An annual network security audit is a chance for your MSP or IT staff to discuss what needs to be done in the coming year, and more importantly when it needs to be done, so you can prepare accordingly.

  1. Address the nitty gritty details of IT management.

As part of an annual audit, your MSP or IT staff should review the state of your hardware, Active Directory for any overlooked users who have left the company, and the configurations of permissions to your systems. These are basic issues that  sometimes get lost amidst the pressing everyday IT issues that arise. Having a dedicated time to check foundational elements keeps your IT infrastructure productive and secure.

  1. Provide feedback to your MSP or IT department and keep the dialogue open.

IT security may feel like it lives solely in the realm of IT professionals, but it requires two-way communication to remain effective. An annual network security audit is an effective mechanism to open a dialogue with your MSP or IT staff and address any concerns you have. The annual audit is a great place to discuss what’s working and what’s not that so all your IT needs are met in the way your business requires.

 

Don’t wait too long to tune up your IT systems with an annual network security audit. You can’t fix a problem you don’t know exists, and cyber attacks get more sophisticated each day. A look under the hood every now and then offers more than solutions to your problems—it offers peace of mind.

For managed services clients of Anderson Technologies, a network security audit is performed annually. If you want help with a network security audit, contact us today for a free consultation.

Plan for Natural Disaster: Small Businesses in St. Louis

/in , , /by

St. Louis, Missouri, known as the Gateway to the West, is well-loved by its residents for a variety of reasons that make it a great location for businesses and home to their employees. St. Louisans love their sports teams (Congrats to our NHL Stanley Cup CHAMPIONS!) and are proud hosts of the famous, award-winning St. Louis Zoo and other free attractions in Forest Park, such as the History and Art Museums. Situated in the northernmost Ozark foothills, the city also has a lovely, rolling landscape and is close to many state parks.

St. Louis ranks on many best-of lists across the nation, including:

  • One of the “Top 100 Best Places to Live” for 2019 (livability.com)
  • Number 2 of the “10 Best Cities for Entrepreneurs 2019” (fitsmallbusiness.com)
  • One of the “Top 10 Rising Cities For Startups” in 2018 (forbes.com)
  • Number 2 of the 2018 list of “Best Cities for Jobs” (glassdoor.com)
  • Number 1 on the “25 U.S. Cities That Millennials Can Afford – and Actually Want to Live In” for 2018 (thepennyhoarder.com)
  • The Number 2 “Food City” in the United States (Yelp, reported by riverfronttimes.com)

These rankings paint an appropriately pleasant and prosperous picture of St. Louis! However, businesses looking for a home in this city should know that St. Louis has a long history of natural disasters because of its location.

The Mississippi and Missouri Rivers often become overburdened from heavy deluges in the north, which doesn’t help the fact that St. Louis is tucked into the eastern edge of Tornado Alley. The city often feels the effects of blizzards, hurricanes, and even earthquakes. This unique set of natural factors is something business owners and technology teams must consider ­in their disaster preparedness planning, to keep business running no matter what nature has in store.

IT Backup in St. Louis

Disaster planning is a critical part of your business’s backup process. This process is outlined in HIPAA regulations, but is important for every business and organization, whether HIPAA compliant or not. When you begin to design your plan, you must think from every angle of your business, not just the IT side. How will your business prepare for a disaster? What physical aspects could be affected? How will your business implement measures once a disaster has happened? And what steps will your business need to take to recover? When creating a plan, identify all things that can happen, determine the likelihood that they will happen, and tailor the overall risk to your St. Louis-specific location.

For your IT, you’ll want to document your network and computer infrastructure configuration and safeguard your equipment prior to a disaster. You’ll also want to make sure you have a two-fold backup system, with one being a physical backup stored at a safe location and one being a cloud backup. An essential for every business is insurance, both for the physical location and for digital data loss. With a disaster plan in place, you’ll be well on your way through disaster recovery, even before a disaster happens.

In addition, you should regularly test your backups and make sure the full-recovery test is successful just in case of that dreaded emergency.

Read more about disaster planning, recovery, and managed tech services for your St. Louis business!

But what natural forces specifically impact St. Louis businesses and should always factor in their disaster planning?

Flooding

Are you located in or near a flood plain? Recent major flooding in Missouri shows flooding in the last few years has exceeded the anticipated 100-year and 500-year flood levels. This should be a concern for any business located in one, and flood insurance should be obtained. Rivers notoriously breach their banks, and the Missouri River is especially unpredictable.

Originally, the Missouri was much, much wider. However, over the years, engineers funneled it into a narrower, deeper, stronger river to be used for commerce. Being a body of water, it will always try to retake the “bottom land” engineers during the New Deal era salvaged from it.

The Mississippi River is no less dangerous. As the biggest river in the United States, it has many tributaries, and by the time it travels through the St. Louis metro area, it can be swollen with excess water from the north—rain, ice, and melted snowpack. Just this year, the Mississippi has caused $12 billion in flood damage.

Floods generally provide a little more preparation time than tornadoes do, but there’s never enough time when an emergency is at hand. Don’t use warning time to procrastinate preparation. Part of disaster recovery is disaster preparedness. What steps can your business take when flood waters loom? How can you mitigate potential future loss?

Tornadoes

If the location of your company is at risk of tornadoes or very high winds, you’ll want to tailor your protection for that. Unlike floods, tornadoes can affect areas far beyond the actual funnel, with winds tearing off roofs and flipping vehicles and structures.

Most tornadoes in the St. Louis area don’t make it into the city itself, but across the county and surrounding flatlands businesses have seen the brutal effects of tornadoes touching down.

With this in mind, storing backups digitally in the cloud is imperative. If a tornado blasts through your area and carries the entire office away with it, you’ll need a place to start. Having data properly and securely backed to the cloud will ensure that your business can start up again in any location, or that you can do something as simple as contact clients from a laptop to alert them to your circumstances.

Blizzards, Earthquakes, and Hurricane Effects

The Midwest routinely receives the effects of hurricanes from the Gulf of Mexico and the sub-zero temperatures blown in from the north. Every now and then, twelve inches of snow will fall or a gale will blow through that knocks out power to a good portion of the community. Are you ready for no electricity at the office? How will your business plan for unsafe travel conditions, or below-zero temperatures when ice knocks down the powerlines?

Missouri is also known for its massive earthquake in 1812 that is thought to be one of the worst the United States has ever seen. Minor quakes have occurred during recent years due to the New Madrid fault line that clips the southeast portion of the state.

Don’t Wait

Just like any other city, St. Louis has its own set of common natural disasters, and it’s important for your company to take the proper measures to prepare for them. Planning for disaster can’t guarantee your business’s safety, but by planning for it, you’ll be ahead of the game, no matter what.

Once your fully-developed disaster plan is implemented and tested, disaster recovery shouldn’t be too detrimental on time and resources. Even smaller disasters, such as local fires or theft and vandalism are essential to prepare for.

Are you ready to develop your disaster plan? If you’d like more information on disaster recovery for your IT systems in St. Louis, call Anderson Technologies at 314.394.3001. A team member will be happy to help!

HIPAA Part 7: Getting Started

/in , , /by

We’ve come to the end of our HIPAA series, and if you’ve been following along, you might feel overwhelmed by the prospect of becoming HIPAA compliant. There’s a lot to do if you’re just starting out. Keep in mind that by creating a culture of compliance, it becomes easier to verify that you’re following the Security and Privacy Rules in the future. Instead of creating policies, you’ll be updating them. Instead of choosing technical safeguards, you’ll be evaluating what’s already in place. Once you are HIPAA compliant, it’s easy to stay HIPAA compliant.

Tips for Beginners

For those of you tackling HIPAA for the first time or those whose current HIPAA compliance program isn’t doing enough, here are a few tips to help you start the process.

Know what you have—The start of any HIPAA compliance program is determining what PHI and ePHI you have, what programs or processes access that information, and what policies or safeguards are already in place to protect it. Without knowing that, you can’t know what needs to be fixed.

Perform the SRA first—It’s the first security standard for a reason. A complete and thorough Security Risk Analysis is critical to compliance, and you’ll find that during the SRA process you’ll address many of the other standards in the Security Rule. If you don’t feel you can perform this on your own, it may be beneficial to call in an outside consulting company to help you.

Document everything—Get used to this right away. You must not only become compliant, but you need to prove that you are compliant, and that is done through documentation. Be careful you don’t fall into the trap of “paper compliance,” where you have the documentation but fail to follow through in everyday practice. A policy is useless if it’s not implemented.

Accept that it’s a process—Compliance doesn’t happen overnight. From the SRA to the documentation to the evaluations, compliance takes time. It is a continuous process of monitoring and updating to ensure the privacy and security of PHI.

Get everyone on the same page—Training on HIPAA needs to happen from top to bottom. This helps create a culture of compliance that will make ongoing compliance efforts easier. If those in leadership positions understand why it’s important to be HIPAA compliant, appropriate policies and procedures can be created and the budget adjusted according to needs. When employees know the rules to ensure the confidentiality, integrity, and availability of PHI, there is less chance that an avoidable breach will happen.

There is no one prescriptive way to go about HIPAA compliance. HIPAA is designed to be vague enough that any size or type of business can adopt the same requirements. This allows each business the freedom to implement in the way that best fits them, but it also requires that you take responsibility for the decisions you make. With that said, following a logical HIPAA compliance plan will help determine the most reasonable and appropriate measures for your business in a straightforward way. Compliance is always easier with a plan.

HIPAA Resources

Knowing where to go for information can assist any Compliance Officer in their efforts to become HIPAA compliant. Below is a collection of the resources found throughout this series.

Tired of Waiting to Work?

/in , /by

The true cost of ransomware.

Ransomware is a major threat right now. According to Datto, experts in data backup and recovery, 80% of managed services providers (MSP) report ransomware attacks in 2018, and 35% report that some of their clients experienced multiple attacks per day. Clearly, ransomware is nothing to sneeze about.

Surprisingly, though, it’s not the ransomware attack, but the downtime afterward that accumulates the greatest cost to your company. Time, manpower, customer and vendor trust are all affected. This increases the importance of defending your company against this threat.

Here’s a quick recap of what happens in a ransomware attack. First, your network or computer is compromised. Next, an intruder plants an infection that encrypts your data files, until, theoretically, you pay the “ransom.” Until then, you are stuck. You can’t use your hardware, applications, or access any of your data. Any employees who connect to your network for their job can’t work. Even if the ransom is paid, the likelihood of getting your data back as it was is fairly small. During this attack, your network is fair game to the cyber criminals, and you’ll have no idea which files they will exploit. In all reality, you might be starting from scratch to get your company up and running again. And that takes time. If you aren’t protected and prepared, you could suffer weeks of lost revenue with a high cost to recover.

The best solution for defending your company against ransomware is a multi-layer approach. To keep your network safe, you must have the following:

  • A properly configured hardware firewall
  • An internet content filter
  • Email scanning prior to delivery
  • Antimalware/antivirus software on each workstation
  • Current operating system and third-party application updates
  • Consistent, reliable, and tested backups

Whether it’s a cyber attack, human error, or hardware failure, a multi-layer approach is a safeguard for when one layer is compromised.

Read more about ransomware!

Backups are one of the most important aspects. They are your insurance policy to eliminate a huge amount of downtime. If ransomware infects your network despite all of the safeguards in place, your current backups will ensure your data is retrievable. Consulting with your IT department or MSP to ensure your backups are properly configured will keep the ransomware from infecting the backups as well.

Unfortunately, many companies don’t have all of these measures in place, and when ransomware hits, things get chaotic. Downtime can turn a disaster into a catastrophe.

Studies show that downtime has twelve times the cost of the actual ransomware attack. To calculate downtime, you must take into consideration direct employee costs, productivity losses, halted company production, and even more importantly, how your clients are affected. Are they getting the products and services they paid for? How does that affect their trust in you?

To counteract these detrimental costs to your company, it is important to focus on prevention and prepare for the worst, so when something does happen, your downtime is minimal. Backup services provide disaster recovery as a service to ensure your peace of mind no matter what.

Downtime Contributors

Ransomware isn’t the only cause of downtime, though. There are other things potentially sapping your company’s productivity every day. Poor performance due to outdated hardware, slow internet speeds, and hardware failure. How much are these often-overlooked daily experiences costing your business?

Old Hardware – New Software

Continually spending money on hardware can be frustrating. Unfortunately, that is the reality in the tech world. One year, the latest technology comes out with a wow and a bang, and by the next year, that amazing equipment is already out of date. Within a few years, it’s obsolete and can no longer handle even the most basic software updates.

Older hardware simply wasn’t designed to handle the latest resource-intensive apps.

Because technology changes so quickly, Anderson Technologies recommends replacing computers every three to five years, depending on your specific requirements. Replacing 20% of your machines per year keeps all equipment on a five-year rotation and your budget reasonable.

How can this plan save your company from downtime?

By upgrading your hardware regularly, your systems stay efficient and fast. You won’t have to wait those 30 seconds for an app to load when it should load in a fraction of that time.

Thirty seconds of downtime doesn’t seem like much until you calculate the cost of those accumulated seconds lost every week.

Hardware Failure

Hardware failure, be it a laptop or server, will happen, and inevitably it will occur at the worst possible moment, like during your busiest time of year. Because of this, it’s best to be proactive. If you’re continually refreshing hardware, not just computers, at the rate of 20% per year, everything will be less likely to experience failure due to age.

Just like with ransomware, the best insurance policy against hardware failure is having up-to-date backups. Failed hardware can easily be replaced, but the information stored on it may be lost unless it’s backed up regularly. Your MSP can help you determine the frequency of backups and provide backup options to ensure that your company can get up and running as quickly as possible.

Slow Internet

This is probably the most common downtime-inducing culprit. There are several factors that may contribute to slow internet. The first step is to double check what speed you pay for with your internet provider and make sure it matches the speed you observe on your network. If the two speeds match, then you may need to invest in more speed.

If you’re paying for a higher grade of internet, but still experiencing slow speeds, there may be something misconfigured in your firewall or switch. If the firewall or switch are over five years old, they might need to be replaced. Older firewalls or switches are just like the old hardware we mentioned earlier – they can’t keep up with the traffic going through them and act like a bottle neck. For instance, your LAN switch may be running at 100 Mbps, but you’re paying the ISP for a 400 Mbps internet connection! Upgrading to a gigabit switch in this example is a simple, cost-effective solution. A properly configured and updated firewall and network switch will give each user the full speed the internet allows instead of bogging it down.

 

Would you like more information about saving your company from the threat of ransomware and downtime? Contact Anderson Technologies at 314.394.3001 or email us at info@andersontech.com.