Contact Us Today!   314.394.3001   |   info@andersontech.com

Should You Break Up with Your MSP?

/in , /by

How one St. Louis practice shed an underperforming MSP and questions to ask so you don’t end up in the same situation


Relationship challenges occasionally happen, even between businesses.

It’s frustrating when a potential vendor promises epic solutions to all your problems, but over the course of months or years prove themselves not up to the task. This was the case for M. C., owner of a St. Louis healthcare practice. She recently sought the help of Anderson Technologies to replace her managed services provider of over a decade. “I was pretty loyal to them,” M. C. says, “but it was nightmare after nightmare for ten years.”

A self-described workaholic, M. C. didn’t have time to spend worrying about the technology that carried her practice. “IT is the skeleton of [most] businesses in America today. If you don’t have it, then your practice has no skeleton. It’s just a floppy amoeba.” Much like the revenue lost during business downtime, time wasted waiting for computers to meet performance expectations or techs to return your phone call is a drain on your business’s resources.

Your managed services provider (MSP) should be working with you, not against you. According to M. C., an MSP and the work they do for your business should feel like “a blessing from God.” Here are four questions you should be asking to determine whether or not your MSP relationship is benefiting your business.

  1. Are they professional? Can I unequivocally trust them in my office and home?

M.C.’s relationship with her former MSP started with a trusted colleague’s recommendation. System administrators were in and out of her office and home, providing service on her internal systems and home workstations for remote connectivity. Her practice used specific programs and hardware daily. It was essential that these functions were reliable and safe for patients.

“Anyone with an EMR [electronic medical records] system really needs to have the best IT possible,” M. C. says.

If you don’t have good IT, you’re out of luck.”

It was when M. C. needed to move her practice to a new location that she realized how many problems the vendor had overlooked or, in some cases, caused.

“I had just spent $10k getting all new computers and they still weren’t working,” M. C. recalls. “They recommended that I change phone systems to save money, but what they actually did is cut out my fax and the phone situation just got worse.” These issues surfaced when one of M. C.’s employees pointed out that on the day of the install, the MSP only spent ten minutes on-site. Along with a few other questionable interactions with the MSP’s team at her home, M. C. began to lose complete trust.

  1. Are they communicating effectively?

After M. C. realized the extent of her technical problems, she reached out to the owner of the company, a person she felt she could trust. However, the owner wouldn’t acknowledge that his employees had been careless and made mistakes.

Aside from her annoyance with the work the company did do, it was often difficult to reach help during her early and long work hours. “I was at the point where I had to demand they come and fix things,” M. C. says. Communication breakdown reached a head when M. C. contacted the owner once more, only to be berated. “I had spent thousands of dollars at this point, and all he had to say was, ‘Why are you bothering me? You’re a demanding client.’”

  1. Are they taking ownership of their work and keeping detailed records of all solutions?

One reason problems weren’t getting resolved was because the MSP seemed very unorganized. Every time M. C. or one of her employees contacted the company about a problem, they acted like they had never stepped foot in the office, let alone replaced all the hardware.

“Troubleshooting was nearly impossible,” M. C. says. “After ten years they knew nothing. No organization, no blueprints of what I had, what went where.” The company also constantly insisted on upgrades to the practice’s hardware, but would replace them with old computers that were clearly used and not up to enterprise standards. Hardware replacement policies are a common MSP requirement, but the level of disorganization around the “new” computers they were recommending seemed suspicious. “It’s like there were no records of any improvements or work done.”

Mark Anderson stresses with importance of industry software and documentation with Business News Daily.

  1. Are they keeping their promises?

It took ten long years for M. C. to face the facts: her business relationship with her MSP was no longer serving her well. The promises the MSP made at the beginning of their partnership had never been realized. “My practice’s management system was still getting popups and crashing, computers were still slow and congested, we still had outdated hardware, no fax, scanners, or remote connectivity,” M. C. describes. “Systems were still so slow, and even slower when working remotely.”

She felt the managed services company took advantage of her, taking her money and then slapping Band-Aids on problems to conceal the bigger issues. “I was nervous spending the money to start over,” M. C. says. “It’s like getting divorced and finding someone new. For ten years I had the patience of Job, but I think it wasn’t really patience—I was just scared.”

Thankfully, she reached out to Anderson Technologies, which was able to quickly extinguish the immediate fires. “Once Anderson took over, 99% of the problems went away immediately.” Instead of making huge promises at the beginning of the partnership, Mark Anderson and the team developed a strategic action plan to implement long-term improvements.

Anderson Tech is reachable, affable, quick, professional,” M. C. says. “It’s been nothing but professionalism and action, ‘true to their word’ situations. I have never gone this long in my ten years where I didn’t have a problem.”

Now that M. C.’s IT infrastructure is efficient, reliable, and secure, she can focus on her clients and allowing her business to really grow over the next ten years. Thousands of dollars and a decade of frustration later, M. C.’s practice is building a new relationship with Anderson Technologies: “I wish I had met you ten years ago!”

 

To find out more about reevaluating your IT partnership, give Anderson Technologies a call today. We can be reached at 314.394.3001, and look forward to hearing from you.

Downtime Lifeline: One Law Firm’s Battle with Outdated Tech

/in , , /by

When companies, non-profits, or entire city governments find themselves victims of cyber crime, it can feel like they’re frozen as the world moves on around them. This feeling, to a lesser degree, might also come as you’re sitting in front of your office computer every morning, twiddling your thumbs waiting for it to boot up so you can finally start your work day.

Ransomware looms as one of the biggest business tech threats of 2019. Organizations of all sizes are finding themselves in the cross-hairs of cyber crime actors who seek high payouts from insurance agencies and panicked data hostages. Why are some companies so quick to pay off the ransom?

Too often it’s the fear of downtime, or money lost while hackers obstruct you from your data and your business’s day-to-day operations. However, while ransomware dominates the tech industry news, a much more common and avoidable cause of downtime significantly affects organizations without raising alarms—outdated technology. A minute lost every time you try to access a file or launch your internet browser adds up quickly over the course of days and weeks. These wasted (and often-unnoticed) minutes can mean thousands in lost revenue for your company.

Let’s explore the real-life implications of business downtime due to hardware and software that has long been ready to be replaced. Luke Bragg, Lead System Administrator at Anderson Technologies, witnessed this firsthand.

Efficient Until Obsolete

A St. Louis business law firm reached out to Anderson Technologies in 2018 for help. Their old server was dying. It hadn’t been patched or updated in over a year, leaving it vulnerable to ransomware and other cyber attacks.

“Security was a major concern,” Bragg says. Slow speeds and cyber vulnerabilities were starting to impact the firm’s daily operations. Days after contacting us for help, the firm’s aging server experienced a catastrophic system failure and died altogether: “The server completely failed, and we had to keep them functional on emergency hardware while we put a new server in place.” Thankfully, the failure wasn’t caused by ransomware or another cyber attack, but the law firm felt how close they came to experiencing futile downtime.

Read more about the effects of downtime on a business here!

Downtime can be detrimental to any business, but some may feel the effects more strongly than others. Law firms constantly collaborate with other businesses and clients, as well as government organizations and the judicial system. Timing can be what makes or breaks a potential account. “Every business is different in how much downtime they can tolerate,” Bragg explains.

“This is a law firm, so their workflow is very critical with very little room for outages.”

Tell Old Tech to R.I.P. (Replace Itself Promptly)

The crashed server was a wake-up call, and acted as a jumping-off point for replacing more of the firm’s outdated hardware. Their workstations and wireless network benefited from a sprucing up as well.

Aside from the obvious security breaches, law firms and all kinds of other organizations suffer from negative effects of downtime due to antiquated tech. Employee productivity suffers when hardware is sluggish or undependable. Similarly, websites that aren’t mobile-optimized or user-friendly could turn away potential clients and impact your company’s digital presence.

Law firms especially run ethical risks when using outdated technology. “Technological competence” is a modern addition to the American Bar Association’s Model Rule 1.1. The last thing a law firm wants is a law suit because negligent treatment of the devices they use every day caused harm to a client. A big part of the work Anderson Technologies did for this law firm involved maintaining uptime and strengthening security during the hardware upgrade.

“Law firms tend to have constant workflows that are time sensitive,” Bragg says. “The key to success is being extremely detailed and properly communicating every step with the client so that scheduled downtime for things like network upgrades or system replacements is properly planned and the client’s expectations are factored into the equation.”

Anderson Technologies is now focused on replacing the firm’s outdated Windows 7 machines before the January 14, 2020, end of life deadline. “No other major projects are on the horizon at this point,” Bragg says, and the firm can rest easy knowing their new server is secure.

Businesses in need of a top-notch attorney wouldn’t wait until the last minute to seek out critical legal advice.  Similarly, this St. Louis law firm discovered the value of employing knowledgeable and proactive IT experts well before the threat of downtime surfaced.

 

You don’t want to find yourself drowning in downtime because of outdated technology equipment. To find out if your business could use a tune up, contact Anderson Technologies today.

5 Fraud Trends and How to Beat Them: Top Tips to Implement for Cyber Security Awareness Month

/in , , /by

Every October, Cyber Security Awareness Month is a time to learn, assess, and make changes to protect yourself and your business from the latest, most sophisticated dangers. Beyond damages to reputation and production, monetary costs from cyber crime add up in the billions of dollars.

Stay safe and aware this October. Here are five fraud trends that you’ll want to know:

Fabrication

Synthetic identity fraud is a cyber crime long game. First, a hacker procures a social security number by theft or purchase on the Dark Web, and then fabricates an associated name, DOB, email account, or phone number. From there, the fake identity is legitimized and nurtured.

Once a fraudster is able to become an authorized user for lines of credit, a process that typically takes 5 months, the “bust-out” is ready to be executed. This leaves creditors and businesses with dummy accounts filled with credit card maximums, loans, and cell phone/utility plans.

Ransomware

Ransomware can send chills down the spine of any business owner, and for good reason.

Two cities in Florida were forced to pay over a million dollars in aggregate bitcoin ransom after losing access to phone and email systems for multiple weeks. A quick glance at data breach headlines on any given week will reveal SMB attacks as well. Ultimately, ransomware boils down to economics, and it will require a concerted effort by organizations to shift the paradigm, refuse to pay criminals, and protect data before attacks.

Business Email Compromise (BEC)

A sophisticated scam, BEC targets anyone who regularly processes requests for electronic fund transfers. The scammer compromises an email account through phishing or intrusion tactics and requests that transfers of funds or personal information such as W2 forms be sent immediately.

Because the request comes from a familiar face, and may even be routine, this scam is highly effective—and very expensive. As of July 2019, total dollar loss has exceeded $26 billion.

Account Takeover (ATO)

The commoditization of crimeware and “spray-and-pray” techniques have led to a higher frequency in breaches, many of which are executed by non-sophisticated hackers. Solving ATO fraud at the small and medium business level in today’s world requires purpose-driven teams and technologies that can protect your business in a smarter, more efficient way.

Dark Web

Security researchers estimate that in the first half of this year alone, over 23 million credit and debit card details were being sold in underground forums. What’s worse, nearly two out of every three originated in the United States (64%), followed by the UK (7%) and India (4%). Once such data dumps hit the Dark Web, cyber criminals will exchange stolen information and credentials in order to orchestrate damaging fraud schemes.

Now that you know some of the trends in cyber crime, here are several helpful solutions.

Guard yourself and your business against these threats. Here are our Top 12 Cyber Security Tips:

  1. Involve all stakeholders in raising cyber security awareness across your organization.
  2. Backup key data regularly and perform scheduled test restores to ensure their integrity.
  3. Enable multi-factor authentication company-wide and establish and enforce an appropriate password policy for all users.
  4. Install enterprise-grade anti-malware and spam-filtering solutions with anti-phishing capabilities across your network.
  5. Leverage internet content filtering to block phishy websites.
  6. Prepare for cryptojacking attacks.
  7. Purchase SMB security suites that include Dark Web monitoring.
  8. Assess your organization’s cyber security policies and procedures and review annually.
  9. Ensure that all third-party partners have cyber security protocols and policies in place.
  10. Build a cyber security incident response plan and democratize key information.
  11. Bind an appropriate level of cyber security insurance to cover your company in case of a breach
  12. Partner up with expert managed IT services providers to train your employees and implement the above.

Awareness and action go hand in hand. This Cyber Security Awareness Month, contact Anderson Technologies to protect your business from the newest threats, and enhance business functions every day.

Don’t Wait for Your IT Infrastructure to Break Down

/in , , /by

5 Benefits of an Annual Network Tune-up!

The importance of performing a network security audit can’t be overstated, but don’t be fooled into thinking network security is a one-time event. Just like you need to bring your car to a mechanic for a tune up, a yearly network security audit keeps your infrastructure running smoothly and allows your managed services provider (MSP) a chance to look at what’s going on beneath the hood. Better to keep everything running smoothly so problems can’t lurk unseen.

What is a Network Security Audit?

An initial network security audit provides a baseline for the status of your IT infrastructure, what is doing well, where the holes are, and allows you to get in front of any issues that could compromise your systems. Forgetting to fix a known vulnerability could cost you time and money if cyber criminals find and exploit it.

What exactly does a network security audit do? When performed by a professional IT firm, physical processes combine with state-of-the-art software solutions to assess the quality and security of your network. This means reviewing not only your IT systems for digital vulnerabilities but also walking through your physical work space to make sure hardware isn’t set up in a way that would decrease efficiency or be hazardous (such as plugging a space heater into the same surge protector as a computer).

A thorough network security audit should include a review of your business’s

  • firewall,
  • anti-virus and anti-malware software,
  • web and electronic communication filtering,
  • Active Directory environment,
  • password policies,
  • backups and disaster recovery policies,
  • and include an in-person assessment.

Five Benefits of an Annual Network Security Audit

As important as the initial security audit is, performing regular audits each year provides you with additional insights that can keep you moving forward in a secure and productive manner. Below are the top five benefits of performing an annual security audit.

  1. Assess how well you’ve addressed last year’s problems.

A network security audit is useless unless the issues it reveals are addressed. By performing an annual audit, you can compare where you were the year before with where you are now to see what systems improved and what still requires attention.

Have all your planned policies and IT practices been implemented? Did the fixes you put in place successfully mitigate the previous year’s problems? An annual security audit serves as benchmark to the condition and maintenance of your business’s IT environment.

  1. Review your security vulnerability analysis with your MSP or IT department.

As part of a thorough audit, your MSP or IT department should use specialized software to probe all the nooks and crannies of your network to search for vulnerabilities. But simply performing the audit isn’t enough. An annual review of your network security audit with your MSP or IT staff allows you to go over the security vulnerability scans each year and look at any reoccurring failures. By discussing the results together, you can work to find the underlying reason for any trends you find. Sometimes the problem revealed is actually a symptom of a much larger issue.

  1. Prioritize your technology needs for the next year.

IT security and maintenance can be expensive, especially when technology changes happen outside of your control, such as Windows 7 reaching end-of-life on January 14, 2020. An annual network security audit is a chance for your MSP or IT staff to discuss what needs to be done in the coming year, and more importantly when it needs to be done, so you can prepare accordingly.

  1. Address the nitty gritty details of IT management.

As part of an annual audit, your MSP or IT staff should review the state of your hardware, Active Directory for any overlooked users who have left the company, and the configurations of permissions to your systems. These are basic issues that  sometimes get lost amidst the pressing everyday IT issues that arise. Having a dedicated time to check foundational elements keeps your IT infrastructure productive and secure.

  1. Provide feedback to your MSP or IT department and keep the dialogue open.

IT security may feel like it lives solely in the realm of IT professionals, but it requires two-way communication to remain effective. An annual network security audit is an effective mechanism to open a dialogue with your MSP or IT staff and address any concerns you have. The annual audit is a great place to discuss what’s working and what’s not that so all your IT needs are met in the way your business requires.

 

Don’t wait too long to tune up your IT systems with an annual network security audit. You can’t fix a problem you don’t know exists, and cyber attacks get more sophisticated each day. A look under the hood every now and then offers more than solutions to your problems—it offers peace of mind.

For managed services clients of Anderson Technologies, a network security audit is performed annually. If you want help with a network security audit, contact us today for a free consultation.

Plan for Natural Disaster: Small Businesses in St. Louis

/in , , /by

St. Louis, Missouri, known as the Gateway to the West, is well-loved by its residents for a variety of reasons that make it a great location for businesses and home to their employees. St. Louisans love their sports teams (Congrats to our NHL Stanley Cup CHAMPIONS!) and are proud hosts of the famous, award-winning St. Louis Zoo and other free attractions in Forest Park, such as the History and Art Museums. Situated in the northernmost Ozark foothills, the city also has a lovely, rolling landscape and is close to many state parks.

St. Louis ranks on many best-of lists across the nation, including:

  • One of the “Top 100 Best Places to Live” for 2019 (livability.com)
  • Number 2 of the “10 Best Cities for Entrepreneurs 2019” (fitsmallbusiness.com)
  • One of the “Top 10 Rising Cities For Startups” in 2018 (forbes.com)
  • Number 2 of the 2018 list of “Best Cities for Jobs” (glassdoor.com)
  • Number 1 on the “25 U.S. Cities That Millennials Can Afford – and Actually Want to Live In” for 2018 (thepennyhoarder.com)
  • The Number 2 “Food City” in the United States (Yelp, reported by riverfronttimes.com)

These rankings paint an appropriately pleasant and prosperous picture of St. Louis! However, businesses looking for a home in this city should know that St. Louis has a long history of natural disasters because of its location.

The Mississippi and Missouri Rivers often become overburdened from heavy deluges in the north, which doesn’t help the fact that St. Louis is tucked into the eastern edge of Tornado Alley. The city often feels the effects of blizzards, hurricanes, and even earthquakes. This unique set of natural factors is something business owners and technology teams must consider ­in their disaster preparedness planning, to keep business running no matter what nature has in store.

IT Backup in St. Louis

Disaster planning is a critical part of your business’s backup process. This process is outlined in HIPAA regulations, but is important for every business and organization, whether HIPAA compliant or not. When you begin to design your plan, you must think from every angle of your business, not just the IT side. How will your business prepare for a disaster? What physical aspects could be affected? How will your business implement measures once a disaster has happened? And what steps will your business need to take to recover? When creating a plan, identify all things that can happen, determine the likelihood that they will happen, and tailor the overall risk to your St. Louis-specific location.

For your IT, you’ll want to document your network and computer infrastructure configuration and safeguard your equipment prior to a disaster. You’ll also want to make sure you have a two-fold backup system, with one being a physical backup stored at a safe location and one being a cloud backup. An essential for every business is insurance, both for the physical location and for digital data loss. With a disaster plan in place, you’ll be well on your way through disaster recovery, even before a disaster happens.

In addition, you should regularly test your backups and make sure the full-recovery test is successful just in case of that dreaded emergency.

Read more about disaster planning, recovery, and managed tech services for your St. Louis business!

But what natural forces specifically impact St. Louis businesses and should always factor in their disaster planning?

Flooding

Are you located in or near a flood plain? Recent major flooding in Missouri shows flooding in the last few years has exceeded the anticipated 100-year and 500-year flood levels. This should be a concern for any business located in one, and flood insurance should be obtained. Rivers notoriously breach their banks, and the Missouri River is especially unpredictable.

Originally, the Missouri was much, much wider. However, over the years, engineers funneled it into a narrower, deeper, stronger river to be used for commerce. Being a body of water, it will always try to retake the “bottom land” engineers during the New Deal era salvaged from it.

The Mississippi River is no less dangerous. As the biggest river in the United States, it has many tributaries, and by the time it travels through the St. Louis metro area, it can be swollen with excess water from the north—rain, ice, and melted snowpack. Just this year, the Mississippi has caused $12 billion in flood damage.

Floods generally provide a little more preparation time than tornadoes do, but there’s never enough time when an emergency is at hand. Don’t use warning time to procrastinate preparation. Part of disaster recovery is disaster preparedness. What steps can your business take when flood waters loom? How can you mitigate potential future loss?

Tornadoes

If the location of your company is at risk of tornadoes or very high winds, you’ll want to tailor your protection for that. Unlike floods, tornadoes can affect areas far beyond the actual funnel, with winds tearing off roofs and flipping vehicles and structures.

Most tornadoes in the St. Louis area don’t make it into the city itself, but across the county and surrounding flatlands businesses have seen the brutal effects of tornadoes touching down.

With this in mind, storing backups digitally in the cloud is imperative. If a tornado blasts through your area and carries the entire office away with it, you’ll need a place to start. Having data properly and securely backed to the cloud will ensure that your business can start up again in any location, or that you can do something as simple as contact clients from a laptop to alert them to your circumstances.

Blizzards, Earthquakes, and Hurricane Effects

The Midwest routinely receives the effects of hurricanes from the Gulf of Mexico and the sub-zero temperatures blown in from the north. Every now and then, twelve inches of snow will fall or a gale will blow through that knocks out power to a good portion of the community. Are you ready for no electricity at the office? How will your business plan for unsafe travel conditions, or below-zero temperatures when ice knocks down the powerlines?

Missouri is also known for its massive earthquake in 1812 that is thought to be one of the worst the United States has ever seen. Minor quakes have occurred during recent years due to the New Madrid fault line that clips the southeast portion of the state.

Don’t Wait

Just like any other city, St. Louis has its own set of common natural disasters, and it’s important for your company to take the proper measures to prepare for them. Planning for disaster can’t guarantee your business’s safety, but by planning for it, you’ll be ahead of the game, no matter what.

Once your fully-developed disaster plan is implemented and tested, disaster recovery shouldn’t be too detrimental on time and resources. Even smaller disasters, such as local fires or theft and vandalism are essential to prepare for.

Are you ready to develop your disaster plan? If you’d like more information on disaster recovery for your IT systems in St. Louis, call Anderson Technologies at 314.394.3001. A team member will be happy to help!

HIPAA Part 7: Getting Started

/in , , /by

We’ve come to the end of our HIPAA series, and if you’ve been following along, you might feel overwhelmed by the prospect of becoming HIPAA compliant. There’s a lot to do if you’re just starting out. Keep in mind that by creating a culture of compliance, it becomes easier to verify that you’re following the Security and Privacy Rules in the future. Instead of creating policies, you’ll be updating them. Instead of choosing technical safeguards, you’ll be evaluating what’s already in place. Once you are HIPAA compliant, it’s easy to stay HIPAA compliant.

Tips for Beginners

For those of you tackling HIPAA for the first time or those whose current HIPAA compliance program isn’t doing enough, here are a few tips to help you start the process.

Know what you have—The start of any HIPAA compliance program is determining what PHI and ePHI you have, what programs or processes access that information, and what policies or safeguards are already in place to protect it. Without knowing that, you can’t know what needs to be fixed.

Perform the SRA first—It’s the first security standard for a reason. A complete and thorough Security Risk Analysis is critical to compliance, and you’ll find that during the SRA process you’ll address many of the other standards in the Security Rule. If you don’t feel you can perform this on your own, it may be beneficial to call in an outside consulting company to help you.

Document everything—Get used to this right away. You must not only become compliant, but you need to prove that you are compliant, and that is done through documentation. Be careful you don’t fall into the trap of “paper compliance,” where you have the documentation but fail to follow through in everyday practice. A policy is useless if it’s not implemented.

Accept that it’s a process—Compliance doesn’t happen overnight. From the SRA to the documentation to the evaluations, compliance takes time. It is a continuous process of monitoring and updating to ensure the privacy and security of PHI.

Get everyone on the same page—Training on HIPAA needs to happen from top to bottom. This helps create a culture of compliance that will make ongoing compliance efforts easier. If those in leadership positions understand why it’s important to be HIPAA compliant, appropriate policies and procedures can be created and the budget adjusted according to needs. When employees know the rules to ensure the confidentiality, integrity, and availability of PHI, there is less chance that an avoidable breach will happen.

There is no one prescriptive way to go about HIPAA compliance. HIPAA is designed to be vague enough that any size or type of business can adopt the same requirements. This allows each business the freedom to implement in the way that best fits them, but it also requires that you take responsibility for the decisions you make. With that said, following a logical HIPAA compliance plan will help determine the most reasonable and appropriate measures for your business in a straightforward way. Compliance is always easier with a plan.

HIPAA Resources

Knowing where to go for information can assist any Compliance Officer in their efforts to become HIPAA compliant. Below is a collection of the resources found throughout this series.

Tired of Waiting to Work?

/in , /by

The true cost of ransomware.

Ransomware is a major threat right now. According to Datto, experts in data backup and recovery, 80% of managed services providers (MSP) report ransomware attacks in 2018, and 35% report that some of their clients experienced multiple attacks per day. Clearly, ransomware is nothing to sneeze about.

Surprisingly, though, it’s not the ransomware attack, but the downtime afterward that accumulates the greatest cost to your company. Time, manpower, customer and vendor trust are all affected. This increases the importance of defending your company against this threat.

Here’s a quick recap of what happens in a ransomware attack. First, your network or computer is compromised. Next, an intruder plants an infection that encrypts your data files, until, theoretically, you pay the “ransom.” Until then, you are stuck. You can’t use your hardware, applications, or access any of your data. Any employees who connect to your network for their job can’t work. Even if the ransom is paid, the likelihood of getting your data back as it was is fairly small. During this attack, your network is fair game to the cyber criminals, and you’ll have no idea which files they will exploit. In all reality, you might be starting from scratch to get your company up and running again. And that takes time. If you aren’t protected and prepared, you could suffer weeks of lost revenue with a high cost to recover.

The best solution for defending your company against ransomware is a multi-layer approach. To keep your network safe, you must have the following:

  • A properly configured hardware firewall
  • An internet content filter
  • Email scanning prior to delivery
  • Antimalware/antivirus software on each workstation
  • Current operating system and third-party application updates
  • Consistent, reliable, and tested backups

Whether it’s a cyber attack, human error, or hardware failure, a multi-layer approach is a safeguard for when one layer is compromised.

Read more about ransomware!

Backups are one of the most important aspects. They are your insurance policy to eliminate a huge amount of downtime. If ransomware infects your network despite all of the safeguards in place, your current backups will ensure your data is retrievable. Consulting with your IT department or MSP to ensure your backups are properly configured will keep the ransomware from infecting the backups as well.

Unfortunately, many companies don’t have all of these measures in place, and when ransomware hits, things get chaotic. Downtime can turn a disaster into a catastrophe.

Studies show that downtime has twelve times the cost of the actual ransomware attack. To calculate downtime, you must take into consideration direct employee costs, productivity losses, halted company production, and even more importantly, how your clients are affected. Are they getting the products and services they paid for? How does that affect their trust in you?

To counteract these detrimental costs to your company, it is important to focus on prevention and prepare for the worst, so when something does happen, your downtime is minimal. Backup services provide disaster recovery as a service to ensure your peace of mind no matter what.

Downtime Contributors

Ransomware isn’t the only cause of downtime, though. There are other things potentially sapping your company’s productivity every day. Poor performance due to outdated hardware, slow internet speeds, and hardware failure. How much are these often-overlooked daily experiences costing your business?

Old Hardware – New Software

Continually spending money on hardware can be frustrating. Unfortunately, that is the reality in the tech world. One year, the latest technology comes out with a wow and a bang, and by the next year, that amazing equipment is already out of date. Within a few years, it’s obsolete and can no longer handle even the most basic software updates.

Older hardware simply wasn’t designed to handle the latest resource-intensive apps.

Because technology changes so quickly, Anderson Technologies recommends replacing computers every three to five years, depending on your specific requirements. Replacing 20% of your machines per year keeps all equipment on a five-year rotation and your budget reasonable.

How can this plan save your company from downtime?

By upgrading your hardware regularly, your systems stay efficient and fast. You won’t have to wait those 30 seconds for an app to load when it should load in a fraction of that time.

Thirty seconds of downtime doesn’t seem like much until you calculate the cost of those accumulated seconds lost every week.

Hardware Failure

Hardware failure, be it a laptop or server, will happen, and inevitably it will occur at the worst possible moment, like during your busiest time of year. Because of this, it’s best to be proactive. If you’re continually refreshing hardware, not just computers, at the rate of 20% per year, everything will be less likely to experience failure due to age.

Just like with ransomware, the best insurance policy against hardware failure is having up-to-date backups. Failed hardware can easily be replaced, but the information stored on it may be lost unless it’s backed up regularly. Your MSP can help you determine the frequency of backups and provide backup options to ensure that your company can get up and running as quickly as possible.

Slow Internet

This is probably the most common downtime-inducing culprit. There are several factors that may contribute to slow internet. The first step is to double check what speed you pay for with your internet provider and make sure it matches the speed you observe on your network. If the two speeds match, then you may need to invest in more speed.

If you’re paying for a higher grade of internet, but still experiencing slow speeds, there may be something misconfigured in your firewall or switch. If the firewall or switch are over five years old, they might need to be replaced. Older firewalls or switches are just like the old hardware we mentioned earlier – they can’t keep up with the traffic going through them and act like a bottle neck. For instance, your LAN switch may be running at 100 Mbps, but you’re paying the ISP for a 400 Mbps internet connection! Upgrading to a gigabit switch in this example is a simple, cost-effective solution. A properly configured and updated firewall and network switch will give each user the full speed the internet allows instead of bogging it down.

 

Would you like more information about saving your company from the threat of ransomware and downtime? Contact Anderson Technologies at 314.394.3001 or email us at info@andersontech.com.

Talking Network Security Audits and More: An Interview

/in , , /by

What makes your business special? This is probably one of the first questions anyone will ask about your company—your IT vendor included! Nobody knows your business better than you, and learning what goals and values drive your company is an important step in the Anderson Technologies discovery process.

When a potential client reaches out to us, we offer a free network security audit that compiles the best parts of our IT consultation skills to analyze what’s unique about your company and its technology. A network security audit usually entails a system administrator coming on-site to evaluate the hardware and software your company uses, and then our team takes a closer look at the infrastructure and how it could be affecting day-to-day functions and protection from cyber threats. These audits give our IT experts a chance to familiarize themselves with your specific network and highlight any vulnerabilities in your cyber security coverage or computer system efficiency.

In order to fully understand the impact of network security audits on our clients, we spoke with A. A., Chief of Staff of a wealth management firm located in West St. Louis County that has been an Anderson Technologies client since August 2018.

Anderson Technologies (AT): What can you tell us about your technology goals before you learned about Anderson Technologies?

AA: I joined [the firm] in November 2017, and one of the first things that really became a passion project for me was how our IT was structured. I wasn’t impressed with the provider we had, with how they were addressing our concerns, issues, or responsivity. I would reach out, maybe hear back in a week if it was something that wasn’t business-critical. If it was business-critical, it would take every bit of 48 hours, and I would just get passed around. I’d be like, “Listen, we can’t access this,” and a couple days later even though I sent multiple emails, “Hey, A., got your email, we’re looking into this.” Well that’s not really a solution.

Read more about Anderson Technologies’ enlightened solutions for the financial services industry here!

AT: Your husband and Vice President of the firm, N. A., met Amy Anderson at a networking event for local business owners. He knew about your interest in IT, so what made him recommend us to you?

AA: N. A. said, “They approach IT management the same way we approach wealth management: very methodical and particular, everything is structured.” For us, that’s exactly how we want to work with our clients: What are your issues, let us take time to get to know you personally, let me see if I can identify this, this is what I heard, here’s what I think we need to do, here would be the next steps we recommend and then it’s in the clients’ hands to decide.

AT: Did your initial impression of Anderson Technologies live up to the expectation N. A. set?

AA: I basically got an hour, hour and a half with Mark and Amy [Anderson] at no charge where all they did was sit down and listen. They heard everything that we had been through as far as what we were currently trying to accomplish as a business, whether that involved our IT needs or not, over the next two-to-five years.

Wow, these people actually heard me. They know what I’m going through, and I think they actually were connecting the dots.”

I felt like these people have my privacy and my security as a top priority, which is really important to me especially in the industry we’re in. I feel like they’re really taking the time to educate me on things that I should be concerned about and things that they’re going to be looking for.

AT: What was the network security audit process like?

AA: Honestly, it was painless. Anderson Technologies came in and said, “Here’s what would need to happen,” and they went step by step—Here’s what this audit would look like: we’re going to come into your offices at a predetermined time, it’ll be completely private, we’re going to go into wherever your network closet is, and here’s what we’re going to be looking for.

AT: What issues did the network security immediately bring to your attention?

AA: One of the first things that jumped out was our server itself. Mark told me, “Your server is on its last leg, but this dovetails nicely into one of the things you had mentioned you wanted to do, which was transferring everything to the cloud.”

I went from someone who was telling me, “Eh, its good enough, when it breaks we’ll deal with it,” to someone saying, “Let’s be proactive, and let’s tie in what you already told me your goals are and how we can actually make this solution for this issue as well as for your long-term plan.”

AT: Did the network security audit reveal anything that would have been missed without it?

AA: As a wealth manager, any application you would fill out as a client and sign, or any document we may need to have a copy of, like your mortgage or your tax returns from 2016, we want to have a copy of it. We were actually paying for a service that was a branch of our CRM [customer relationship management]. It was fine, but it was cumbersome. It was not cost-prohibitive, but it didn’t make sense to spend $100 a month for this upgraded secure opportunity to store all of our files when, ultimately, we know we want to go to the cloud eventually, which again was part of our initial discussion.

Anderson Technologies said, “Based on what you’re telling us and on our experiences with HIPAA requirements, after we implement a new backup process you can put everything out on OneDrive and it will be just as secure.” Now having said that, “Check with your broker dealer” was Mark, Amy, and Farica [Chang, Director at Anderson Technologies]’s advice, “and make sure they don’t have additional requirements.” So they really covered all their bases saying, “Here’s our expertise, here’s who we recommend you double check with on your side, but here’s what we think the answer will be.”

Ultimately we went from spending $100 a month on an application system that was cumbersome, difficult to use, not intuitive, to something that integrated with our day-to-day applications in Office 365. [We went from a process of] … either adding files, which took 30 seconds, to retrieving files, which took take a minute per file based on the old system. Now we’re able to say, “Great, we’re going to access this just like anything else,” and it’s right at our fingertips in seconds.

While it may seem nominal reducing 30 seconds or a minute down to a couple of seconds, it makes a big difference when that is your day-to-day, in-and-out job.

Creating those efficiencies is invaluable to an office like ours. I would sit here and try to open something and go through a series of clicks, or because the system was slow I found myself getting distracted and checking emails when it was something that should have been my singular focus. Now I can do that.

AT: How did the audit lead to a partnership between your firm and Anderson Technologies?

AA: It was the attention to detail. After the audit, we decided we wanted to work with Anderson Technologies. We like your process, we like that we feel like a priority, which was a huge gap in our previous provider’s services. Being able to sit back and [have Anderson Technologies] say, “Here’s everything we recommend for you guys. These are the routers you need, these are the wireless access points,” and just going through and itemizing each thing and saying, “Here’s what you will see as a result of making these changes, and here’s why this is good for security, this is why this is good for speed,” was just a huge relief.

The day they came in and installed everything, it just felt like, “Great, this is one less thing I have to worry about, one less thing that I can sit there and double check and question.” I feel like these are people that have actually taken the time to say, “This is the right solution for you, and we’re on top of it and we know when it is no longer the right solution for you.”

Interested in reading more about how Anderson Technologies provide support through system administration? Click here!

AT: What do you see in the future for your partnership with Anderson Technologies?

AA: One of the things we love about you guys is you’re very similar to how we operate. We sit down with clients and everyone’s happy until there’s a problem. No one knows that they have an issue with their IT provider until suddenly they can’t get online, suddenly their phones don’t work, whatever it might be. Same thing with wealth management. Everything’s fine until the market crashes and everyone wants to call you. We get it. But you guys are also really good and you have a similar process in that you lay out line item by line item, “This is what you can expect, and if this is what you need here’s what we can deliver.” You have this level of understanding.

It’s the peace of mind that I get knowing that Anderson Technologies is watching out for not just the hardware and software, but when I walk in in the morning and that if there’s something wrong, [Senior System Administrator] Eric Dischert has already called me, explained what it is, and explained how he’s fixing it. There’s a level of proactivity there that cannot be undervalued. I’ll open a ticket and … I get a response almost immediately saying, “Here’s the deal, we know what’s going on, we have a solution” or ”We need more time to find a solution because of this,” and then I at least know that my emails are going somewhere.

AT: Thanks for taking the time to speak with us, A. Do you have any final thoughts before you go?

AA: If there’s something that you didn’t get for your article let me know, because God knows I’m pretty sure Anderson Technologies has checked that box for me.

 

Do you need your technological boxes checked? Contact Anderson Technologies at 314.394.3001 to speak to our IT experts and schedule your free network security audit.

Office Depot Pays for False Malware Reports

/in , , , /by

Do you trust your computer’s security to anonymous department store employees?

For many, the low price, high convenience, and ease of taking a home computer or laptop to a store like Office Depot or OfficeMax for maintenance or repair far outweighs any risk that would normally be associated with a stranger sifting through your files. A solid reputation for service makes a free scan from stores like Office Depot seem like the perfect solution to minor computer issues.

Unfortunately, between 2009 and 2016, one corporation violated the trust that comes with that reputation.

PC Health Check

During this time, Office Depot/OfficeMax utilized an application called PC Health Check and ran the program as part of its in-store computer services. The program’s free scan was marketed to check the “health” of PCs by scanning for malware. However, instead of actually checking the computer, if any one of four signs of probable malware were selected by the user, PC Health Check automatically reported the presence of malware and suggested the user pay for PC cleaning and repair.

PC Health Check was licensed to Office Depot and OfficeMax by Support.com, who received a percentage of each purchase. In late March, the FTC reported on their ruling that the companies will now be prohibited from making deceptive claims, and will pay $35 million in fines to the FTC, which the government will then distribute as refunds for fraudulently-triggered purchases.

Exposed!

Ars Technica reported that in November of 2016, this scam was exposed by Jesse Jones of news station KIRO 7 in Seattle. The investigations team ran six brand new computers through PC Health Check, and four of the six were flagged with symptoms of malware, even though the computers had never been connected to the internet. These same computers were found to be malware-free by an independent IT services provider!

After this report, Office Depot/OfficeMax pledged to take appropriate action and pay the agreed-upon fine. According to the FTC, that had not yet happened, though the PC Health Check program’s use was discontinued.

Read about Anderson Technologies’ approach to managed IT services here!

The Takeaway

This FTC ruling should serve as a warning to anyone soliciting unneeded maintenance and repair, but it’s also a warning for consumers. The security of your business machines and network shouldn’t be trusted to just anyone.

Ask questions. What evidence does the IT services expert have for the action they propose? Does the software they utilize for diagnostic purposes have a solid reputation? Have other individuals and businesses experienced positive results after working with the expert or team?

At Anderson Technologies, we recommend cultivating a relationship with your IT services provider over time. The best results come from managed services providers who interact with all levels of your network and computer systems. Of course, emergencies happen, often when we least expect it. In those cases, resist the temptation of a quick fix even from a brand name.

Could you be eligible for a refund from the FTC in this case? Click the Get Email Updates button on their announcement. Seeking an alternative to cookie-cutter IT support? Contact Anderson Technologies and see how we’ve earned our reputation over twenty-plus years.

3 Easy Ways to Make the Most of Your Firewall

/in , , , /by

Is the mess of cords and cables in your server room weighing heavy on your mind? Whether or not you rely on a managed services provider (MSP) to keep your IT systems organized and in check, you have a responsibility as a business owner to understand the hardware that keeps everything running.

Misinformation about firewalls is one of the most common issues we see at Anderson Technologies. When asked “Do you have a firewall?” most business owners will emphatically respond “Yes!” without realizing that they’re unfamiliar with the hardware that they think is safeguarding their company. That dusty router in the corner of the phone closet or server room probably isn’t doing much more than its job, which is definitely not to protect your network.

We’ve previously written about the differences between hardware and software firewalls, and Anderson Technologies always recommends an enterprise-grade hardware firewall for businesses under our care. But don’t let that be the extent of your knowledge!

Below we’ve compiled a quick guide to understanding the nuances of your firewall and related equipment. By using the tips below, you’ll have an extra level of familiarity when discussing your hardware options with your MSP or teaching your employees proper cyber security protocol, as when striving for HIPAA compliance.

  1. Get to Know Your ISP

You might be asking, “What does my internet service provider (ISP) have to do with my firewall?” The answer to this question varies greatly depending on your network setup. When asked about firewalls, many business owners automatically point to their internet modem or router, and misinformation from ISPs and previous MSPs are to blame.

Most home networks don’t have or require a separate hardware firewall, because the modem and/or router provided by your ISP may have a basic one built in—that is, if it’s configured correctly (more on configuration in #2). Businesses, on the other hand, almost certainly require a more robust level of protection in the form of a hardware firewall. Though HIPAA’s security standard §164.308(a)(5) doesn’t explicitly state the particular hardware necessary to protect against malicious software, having a trustworthy firewall can help and is well worth the investment beyond regulation compliance.

Your ISP factors into the firewall equation at a very basic level. After all, if you don’t have an internet connection, what is your firewall protecting? Your MSP can easily adjust things like wireless access points and device connections, but if there’s a problem with the internet itself there’s not much we can do. Whether you’re using your wireless router’s built-in firewall or an enterprise-grade Meraki, that stream of internet flowing into your business relies solely on your ISP.

Along with your IT services provider, your ISP is a partner and resource when it comes to the technical workings of your business. Always have your ISP’s contact information handy in case a security or performance problem is coming from the foundation of your network—the internet itself.

  1. Configure, Configure, Configure!

Configuration is a term that tends to scare those who don’t consider themselves “tech-savvy,” but at its root, configuration is nothing more than telling your devices how to work.

Think about it this way: when you bring your new smartphone home, it won’t have any of your personal settings or information. Maybe the menu text is too small to read, or the brightness and sound aren’t set to your liking right out of the box. Fixing these settings may take some general knowledge about how the phone works, and possibly some investigation and deduction. But once you’ve changed all the settings to fit your lifestyle, the phone will be working for you and not the other way around.

Configuring your firewall and other network equipment works pretty much the same way, but with nuances that might require outside IT services. Firewall configuration determines which user accounts can manage the firewall’s settings, which computers can access different layers of confidential data, and any other restrictions you need to implement. After this, your firewall will know exactly how to act in a way that meets your business’s individual needs. Guides on configuring your firewall on your own aren’t difficult to find, but when it comes to your business’s firewall, if you feel unsure about how to program it, consulting with a professional is recommended.

  1. Bolster Your Network—Inside and Out

Businesses are prey to targeted attacks more than ever, according to Symantec’s 2019 Internet Security Threat Report. Cyber criminals are stealthier in how they infiltrate networks and know how to take advantage of any weakness. Your firewall serves as your network’s dedicated bodyguard, but what is a bodyguard without backup when trouble arises? Supplement your firewall with both inside and outside reinforcements.

Network protections from the inside include intrusion prevention systems (IPS), robust antivirus/antimalware software, and protective buffers like Proofpoint or multi-factor authentication (MFA). If a cyber threat circumvents the firewall by entering your network from the inside—such as from unregulated permissions or compromised or unpatched software—security software can mitigate the damage. Inside protection also includes ransomware detection and data backups in case the worst happens.

What about protections outside your firewall? Those can be more difficult to implement, if only because they deal with the most vulnerable factor in any security network—humans. Email filtering tools (like Proofpoint) and internet content filtering software (CFS) can screen most of the potential threats that present themselves to your employees. But all it takes is one employee opening one spammy link from a spear phishing email, and your whole network becomes victim to a targeted attack. Everyone on your team needs to have the same awareness, goals and training because firewalls can only do so much on their own.

Firewalls are amazing investments that can save your business hundreds of thousands in the long run by preventing devastating cyber attacks. It’s important to know what’s going on beyond all those cables, circuit boards, and blinking lights. And when someone asks if you have a firewall, you’ll be able to confidently point out the device and know your network is protected.

Anderson Technologies is always here to answer any questions you may have, regarding firewalls or other cyber security topics. Contact us today here or by calling 314.394.3001.