- June 5, 2016
Office 365 Data Residency in Canada now Available
The two data centres in Toronto and Quebec City offer Canadian businesses options for “Canada Data Residency”. This data centre region provides in-country data residency, failover and disaster recovery for core customer data at rest to customers in Canada.
Data residency has been the biggest concern for business and IT leaders when it comes to cloud adoption. When it comes to compliance issues such as PIPEDA and data leaving the country, business leaders have a lot to worry about. These worries are eliminated. Microsoft has developed many tools to address these concerns regarding security and compliance.
Built-in Security Measures in Office 365
Physical security is typically better than on-premises security. Microsoft datacentres employ 24-hour monitoring and restricted access to all of the facilities. Physical access control uses multiple authentication methods, including biometrics, to ensure that only essential personnel, according to function, are allowed in.
Dedicated threat management teams, port and perimeter scanning, and intrusion detection to prevent malicious access.
Encryption at rest and in transit, constant security management, and data/file integrity detection services.
Strategy for Office 365 Implementation
Preparation and planning are the key to a successful migration. I have listed below a few links that would be a good starting point in understanding security and compliance in Office 365.
Deployment Planning Checklist – A proper project plan should be derived after reviewing the steps and documents in this link.
Security in Office 365 Whitepaper – A more in-depth review of security and compliance in Office 365, building on my summary above.
Security and Compliance in Office 365 Administrative Help – Security and compliance task breakdowns from an administrative point of view.
Once a decision is made to migrate to Office 365, Microsoft has made numerous resources available. BIT can assist with a network infrastructure assessment of your current Office setup, from Exchange Servers to endpoints. BIT can deliver licensing, billing and support for Office 365. For more information, give us a call.
- May 29, 2016
Microsoft introduced Windows 10 last year and it is a free upgrade for qualified users. We now have approximately two months left before the July 29th, 2016 deadline.
When Windows 10 was released there was a lot of concern regarding privacy. Even in the past few months, there was plenty of controversy with Windows 10 being upgraded automatically as a recommended update. Windows 10 seems to “almost” have as much backlash as Windows 8!
As the deadline approaches, the question is: should you upgrade?
In my opinion there is no reason not to upgrade. Perhaps one good reason not to is that your software or peripherals may not be compatible with Windows 10. If your current hardware does not meet the minimum requirements for Windows 10, you are probably overdue for new PCs. If you are concerned with privacy, check out my earlier blog.
With Windows 10 being a free upgrade, a small office can save a considerable amount of money by upgrading. After July 29th, you are looking at $120 to $200 per PC to upgrade, depending on which edition you have.
Pre-Checklist for Upgrading to Windows 10
My experiences with installing and upgrading Windows to versions 8 and 10 have been painless. To ensure you also have a pain-free upgrade, follow these best practices:
1 – Check Compatibility with your Hardware Vendor
If you have a PC that is a couple of years old, there should be no issue with upgrading. First confirm that your device meets the minimum specs. Check the support page for your device for any further information. A check here can prevent a surprise moment during install.
2 – Obtain Necessary Driver and other Software Updates
While you are on the vendor page, this is a good time to check for potential updated drivers. The most common would be video drivers and network/wi-fi adapter drivers. Windows 10 is quite effective in obtaining the drivers it requires during the upgrade process. Our job is not to tempt fate by not being prepared! Download your drivers and place them on a USB stick. If the installation asks for a certain driver, the process will go a whole lot smoother. Don’t forget to check for other peripherals such as printers and scanners. Take an inventory of all applications that you use. Are they compatible with Windows 10? Are there any updates?
3 – Record & Have Software Product Keys Available
Nothing is more frustrating than when you need to produce a registration key and it’s missing, lost or simply unavailable. A good practice is to keep your registration keys in a text document saved on a USB stick and also a printed copy to have on hand. You want to ensure you have your Windows key as well as your Office product registration key on hand if it’s required. If you don’t have your Windows key available, the most common place to check is the sticker typically affixed to the side or underneath your PC/laptop. If you are not so lucky, the following blog from HowtoGeek gives a good tutorial on obtaining them.
4 – Clean Up Your Hard Drive
In preparation for any Windows install, it is a good practice to keep your PC free of junk and unwanted applications and files. This is especially true when it comes to Windows 10. If you decide to download Windows 10 but install later, you will want to ensure you have the free space. Also, if you want to roll back to the previous version for whatever reason, then you will need space for your archived version. You may want to start by archiving data you no longer need on the PC to a backup drive as a first step. Any application you no longer need can be uninstalled and its data removed. Your browser’s history and temp files are another source that needs to be cleaned if you don’t do this on a regular basis. The application CCleaner does a great job of automating the removal of temp and junk files.
5 – Backup Your Data
Once all your preparatory work is completed, you want to ensure that all your data is properly backed up. If any worst-case scenario occurs, we don’t have to worry. I would recommend not only having your files backed up to another source, but having an actual hard disk image of your PC. Having a disk image is great if the Windows 10 installation completely fails. You can restore to a previous state with a backup image of your PC. Acronis True Image is one example of disk image backup. A review of the product from PC Magazine is here.
1. Lock in Free Upgrade and Install Later Strategy
If you have the “Get Windows 10” icon in your taskbar, then you have the option to download Windows 10 and upgrade later. This is a great strategy to lock in your free upgrade to Windows 10 and update in the future beyond the July 29th deadline.
This is useful if, for whatever reason, you can’t update yet (for example, some software is not compatible yet or you need to wait to obtain compatible peripherals). If you don’t have the icon in your taskbar, you can still digitally activate a Windows 10 license. An excellent article from ZDNet outlines how to do this process.
2. Create a Trial Environment
If you have created a disk-based backup image, you can upgrade to Windows 10 and jump in. For the more advanced user, you can create a virtual PC using tools like VMware Workstation or Hyper-V. Windows 10 will store your previous operating system for 30 days. That is your window to roll back to your previous operating system if things don’t work out. If something disastrous occurs, even after the 30 days, you will be happy that you created a disk image backup before you started. Take the opportunity to test everything from software to hardware. If something does not work, check with the vendor. Do they have software or driver updates? Any hardware conflicts? Having these results from the trial can prepare your road-map for future software and hardware decisions.
Windows 10 is definitely worth investigating. Downloading and upgrading later is a good idea if you require more time to perform proper trials and testing. Take an opportunity to download the files before the July 29th deadline.
For deployment and migration strategies of Windows 10 for your organization, give BIT a call!
- May 23, 2016
It is unfortunate that it takes a disaster to implement a plan.
With the rise of cyber-attacks, it’s not a matter of if you will be targeted, but when. It’s a common belief that early stage businesses are “too small” to be targeted for an attack.
Taking a look at some statistics we find the following:
- 44% of SMBs have been victims of cyber-attacks, at an average cost per attack of $8700
- 60% of SMBs that are victims of a cyber-attack go out of business within 6 months of the attack
A colleague of mine (whom I will call Larry) was hit by a ransomware attack. He arrived mid-day to find his office almost shut down while his IT consultant was restoring data from the previous day’s backup to the server. Larry was very lucky. If certain events had not gone his way, he might have fallen into that second statistic. The office’s PC and network infrastructure was offline for 8 hours while the consultant restored data and hunted down and removed the infections.
If you factor the hourly rate of the consultant at $100/hr, we are looking at an $800 bill for his services.
If you calculate the downtime of his staff not being 100% productive for 8 hours, we can estimate anywhere from $2000 to $3000 in wages alone.
So our downtime cost calculated so far is in the range of $2800 – $3800 for the unfortunate incident of clicking on the wrong email or landing on the wrong website. When we take a deeper look at downtime costs, we have not included lost opportunity costs such as billable hours or lost sales. Another factor to consider beyond the duration of the actual downtime is the lost productivity resulting from the attack. For example, a bookkeeper may have to re-enter and rebuild previous transactions in the accounting system. How much data has been impacted or lost between backups is another significant cost to consider. When you search online for downtime calculators, there are plenty to choose from. The bottom line is that the actual cost per attack now becomes closer to or exceeds the figure stated in the first statistic listed above.
Lessons Learned and 5 Steps to Prevent Cyber-Attacks:
Lesson 1: Have Proper and Fast IT Support
Once the ransomware was detected, the IT consultant dropped everything and was en route to the office. If you don’t have internal IT support and rely on a 3rd party provider such as a consultant or an MSP (Managed Services Provider), ensure they have adequate staff and appropriate SLAs (Service Level Agreements) to deal with such an emergency. The last thing you need to hear is that they are tied up elsewhere. IT Support should also be on top of update patches for applications as well as the operating systems. Malware and viruses typically exploit these vulnerabilities.
Lesson 2: Ensure you have a Solid Backup Process
Your backup is your first layer of defense. If all else fails, you should be able to rely on your backup. You should also have an offline backup. Larry had a removable hard drive attached to the server which he removed nightly and placed in a safe. If Larry had forgotten to remove the hard drive from the server, it would have been exposed too, since certain ransomware variants are able to infect those drives as well. Implementing an automated cloud backup makes this job easy and removes the “human error” of forgetting to change/remove drives. NOTE: Any backup operation ALWAYS requires due diligence by periodically testing the restoration process.
Lesson 3: Get a Next Generation/Unified Threat Management Firewall
According to AV-Test, “The total number of malicious programs found in the wild will surpass the half billion milestone this year.” That’s more than double from 3 years ago. A lot of small businesses have routers from their internet service provider (ISP) that act as their firewall. We need to take steps to counter these threats by employing more robust devices. Next Generation Firewalls (NGFW) have advanced functionality that can appropriately inspect/filter incoming and outgoing data plus a wide range of other applications. Gateway anti-virus and spam blocking are the most popular features. NG or UTM firewalls have come down in price and are no longer exclusive to large enterprises.
For example, the WatchGuard T30-W Firewall appliance is designed for small business and runs for about $1075. While many may feel that this is a bit pricey, I believe it’s a small investment, as we now know how much one incident costs.
I recommend WatchGuard firewall products for their price/performance ratio as well as ease of use. Click here for a review on the T30-W from SC Magazine.
Lesson 4: Have Up-to-Date Endpoint Security Protection
It is always essential to keep your PCs and laptops updated with the latest security software. This layer of security is just as important as the firewall, since a threat can bypass the firewall if it’s carried in on a USB stick. Most security software vendors work round the clock to keep their virus signatures up to date. Because malware and viruses can be quickly re-compiled to bypass signatures, I recommend Webroot’s SecureAnywhere products. Webroot manages the processes on the device through a cloud-based scanning engine. If malware executes on a PC, SecureAnywhere can instantly stop the malware from causing any harm. SecureAnywhere received PC Magazine’s Editor’s Choice award in April.
Lesson 5: Training for Staff
In the past, security and/or awareness training was minimal to non-existent. Staff did not really need to be trained to be on the lookout for a “Nigerian prince”. Today that has changed. Phishing emails target end user staff by tricking them into clicking on an attachment, sending information, or even performing wire transfers. In Larry’s case, staff were quick to recognize the issue, call the consultant and turn off machines to prevent the infection from spreading further. Companies like KnowBe4 have awareness training programs where they can test staff against phishing attacks.
Even if a business implements all of the above recommendations, there is still no guarantee that it can escape an attack. No one can guarantee that. That is why your backup will always be your first (or last, depending on your perspective) line of defense if an attack is successful. However, if the investment in all these tools stops that ONE attack, you probably have achieved your ROI. In a recent blog, I mentioned how SMBs need to review their IT, not only to be compliant with industry standards like PCI, but to be competitive as well if that organization needs to share information with other partners or clients. I also predict that having an NG or UTM based firewall is going to be a standard within the next few years for compliance and insurance requirements.
For more information about how BIT can help develop your security solutions from gateway to endpoint, give us a call.