Category Archives: IT Security

Picking the Right Backup Strategy

As part of our backup series, we will be continuing our discussion on backing up your most valuable business asset, your data.

Having a great backup application, like the StaySafe Protection Program, isn’t enough if you don’t have a good backup plan.

A good backup plan includes three components:

  • schedule and frequency
  • retention
  • recovery

Schedule and frequency

When considering your backup strategy, you need to know how often and what time you want your backup to be performed.

Most businesses simply default their programs to nightly because that is what they were told. There was a time when that was the prevalent strategy because of technology limitations. Backups would take all night, clog bandwidth and cause any day time work to come to a screeching halt.

However, times have changed. Newer “smart” programs like StaySafe Protection Program can send data incrementally, thus reducing the network load. They can also detect what has changed and only update those files that have been altered.

Good backup strategy goes beyond technology. Businesses need to consider how they are using their data to properly devise a schedule and frequency.

For instance, let’s say you have an accounting program that is only run once a month after payroll. It would be a wasted effort then to perform daily checks and backup of the data since it only changes every month. Alternatively, there might be a program that collects critical information every second, such as a highly regulated environment. This data may require more frequent backup but only during office hours.

All data shouldn’t be treated the same. Some of your information is more critical for your operation than others. Correctly identifying this information and isolating it will help ensure your backup plan protects your business at the right levels.

Retention

Now that you’ve backed up your data, how long do you keep it?

In a hypothetical world, we’d love to keep the data forever and never risk losing anything. In the real world however, storing data takes up valuable space. Be it a local storage device or remote cloud service, that space is finite and costs your business to increase thus you can’t consider your retained copies as an infinite storage.

So what is the right retention policy?

In many ways it comes down to:

  • schedule and frequency of backup
  • size and type of data
  • BUDGET

If your backup schedule is only monthly and you only retain a month of data, then you will only be as good as the last copy of events. This is hardly any protection from loss or corruption. If you store large files, such as graphic images or videos, the space you require per file increases drastically. The biggest consideration is – how much are you willing to spend on something you may never look at again?

As you can imagine, there is much to consider in this space before you start any backup plan

Recovery

Most business owners are knowledgeable when thinking in terms of backup but many never really spend any time to think about recovery. They assume that as long as the data is “backed up” it must be recoverable.

Unfortunately, that is not always the case. In some situations, the process of backing up changes the data format, making it unreadable by the original application.

Alternatively, the process of recovery could take hours if not days to become operational once more.  Having the appropriate Business Continuity Device, such as the devices by Cornerstone Backup, a Solve-IT.ca partner, can ensure your operation is back in a short period of time.

In still other situations, such as email, newer information may be lost if the backup were to be restored. A decision and procedure needs to be in place to ensure important new information isn’t erased by the recovery procedure.

In still other situations, the business has not set up the right schedule/frequency and retention for backup and the necessary copy of the information is not available for recovery.

The worst situation is when there is an emergency occurs and the necessary people can’t be contacted to get the recovery started.

In all situations, it is advised that after the business has devised a backup plan, including recovery procedures, they include the plan as part of their Business Continuity Plan. At scheduled times this plan is reviewed and tested to ensure it works. Consider it as a “fire drill” for all components including your backup recovery.

Without considering all 3 aspects of recovery, the best backup program in the world cannot properly safeguard your data.

If you need help coming up with a properly developed plan or would like a demo of our StaySafe Protection Program, call us at 905-388-2597 or send Solve-IT.ca an email or contact us directly and we will be happy to work through a plan with you.

 

Safeguarding Your Laptop

In today’s fast paced world, business is always on the move. If you are like many businesses today, this means more than just some glossy metaphor. With lighter, more powerful laptops, your office can travel with you. You don’t have to be out of touch with your critical information simply because you’re “on the road”. With cloud computing and virtual desktops, every aspect of your business can be available to you at the tips of your fingers.

But what happens when you lose the ability to use that laptop? What happens when you have information stored on your laptop that you just can’t afford to lose? Perhaps it’s that latest details of your next major project or the start of a presentation you’re planning on delivering. Perhaps it’s a copy of an agreement or revision notes you’ve taken while you were speaking with a client. Can you afford to lose that work?

As we’ve discussed before, information is one of the most valuable assets of your business. Losing it can cost you and your business a lot.

There are many ways you could lose your laptop, including but not limited to:

  • theft
  • hardware failure
  • damage or dropping your device
  • hard drive corruption

Is the information on your laptop safe from these situations?

According to FBI’s Computer Crime Survey, the estimated cost of computer security incidents is $67.2 billion annually. And based on a recent study by Ponemon Institute, organizations lose up to $7.2 million each data breach and an average of $49,246 of data per lost laptop.

If you are concerned at all, consider the StaySafe Protection program. The Protection program is the newest member of our StaySafe suite of services all designed to help keep your most valuable asset, your data, safe. What makes StaySafe Protection unique is that is has a laptop specific component, Mobile Vault, designed for the “on-the-go” business person.  Mobile Vault provides your laptop will receive industry leading business-class backup service, fully encrypted data transfers, IP tracing and remote data removal. Compare this with traditional backup strategies.

Traditional Backup Plans StaySafe Protection Mobile Vault
Business-class backup of data
AES 256-bit encryption of data ?
Load balance/silent data transfer ?
IP Tracing of devices
Remote data destruction

Business-class backup of data

Let’s face it, not all backups are created equal. Business-class backup comes with a level of integrity that you can’t get from at home versions of backup. Business-class backup includes:

  • redundant systems to ensure optimal uptimes
  • professional level software enabling greater level of control over data
  • ability to apply policies and create procedures the increase compliance of data

AES 256-bit encryption of data

One of the greatest dangers of working with data over the Internet these days is the fear the information can be stolen. Without proper encryption, your business intelligence and competitive advantage is just floating out there for someone to pick up and steal. AES 256-bit encryption is the latest and greatest in industry techniques.

Load balancing and silent transfer of data

Most traditional backup plans will require you set a time to “run” the backup. It utilizes all of your system’s resources to upload the computer’s information into a remote location. This process can take hours to complete and tie up critical systems, slowing down the internet and any other operations on that system. As such, most businesses schedule traditional backup plans to run late at night, when they expect low traffic on their network.

But with remote systems, you can’t always predict when you’ll be hooked up to the internet and available to do this backup. Under the traditional backup plans, that could mean your computer will miss these critical backups. Or worse, your already slow remote connection will move even slower because you’re trying to share the bandwidth with your backup process. Many times, you’re not connected to these remote internet services long enough to truly perform a full backup, thus potentially corrupting your backups and losing your critical data.

Under Mobile Vault, the service is intelligent enough to perform data transfer in increments, transferring small packets so it not only using less bandwidth but can optimize on your limited remote access. If you lose connection to the internet, it will simply resume where it left off and thus prevent data corruption.

IP Tracing and Remote data destruction

One of the scariest things that can happen to any business person is losing their laptop. Not only is it a physical asset loss, it could also mean the loss of critical information and compromise of the business. With Mobile Vault, businesses are now able to track and remove critical information even if the computer is physically lost.

Using the administrative interface, Mobile Vault can put a listener out on the Internet. As soon as the computer tries to connect to the internet again (which is a standard process triggered when most computers turn on), the system will retrieve the location of the computer via IP address. From here, the lost device can be located and any critical information removed remotely from the system.

Interested to learn more about what StaySafe Protection or any services under the StaySafe line can offer your computer? Just give us a call or email today. We’d be happy to assist you further and help evaluate if this service is right for your business.

Location Matters Even in the Cloud

The idea of going to a Cloud system (aka remote computing) for businesses can either be scary, exhilarating or a mix of both. If you’re moving your business to a clouded solution, there are many things to consider to make sure your most valuable business asset, your data, is safeguarded.

With that in mind, one of the most overlooked but critical criteria that business owners review when considering a clouded solution is the data location.

Here at Solve-IT.ca, we ran into just such a situation while working with a client.

What is Data Location?

When we speak of data location, we’re now moving out of the “cloud” world and into the real world.  We’re talking about the actual physical location where the servers that hold your data sit.  When you deal with a virtual environment, your data could sit literally anywhere in the world.  With most clouded servers you buy these days, that data will probably sit to the south of us in the United States.

Why does physical location matter?

Because most of these remote servers actually sit in the US, we have a unique situation here in Canada that our southern counterparts don’t necessarily consider.  Whenever we store data in a virtual environment where the physical server is located in the US, we are sending our data out of the country.  Depending on the type of data and level of privacy it falls under, legally, the information should not cross the border without the person’s consent.

Furthermore, because the server resides in a different city, province, and country, the data falls under the jurisdiction of the local municipality of that server.  Thus, if there are additional rules or regulations that are applied at the local level, the data must comply with those standards as well.

To further make the situation difficult, Internet laws are becoming more complicated because data actually can pass through multiple countries and locations as it “jumps” from server to server to its final location. Certain countries are putting in regulations that govern data that passes through their countries.  For instance, Canada will be implementing CASL (Canadian Anti-Spam Legislation), which governs the use of certain personal data for business anywhere online.

The Situation

We were approached from a client to resolve this very complicated situation.  Because this client retained medical information which needs to stay within this country, we had to investigate solutions from a higher level of consideration.

We worked with many companies and server solutions, questioning them on their server location, backup locations, mirrors and safeguards such as firewalls that they had in place. Using our understanding of remote desktop support and ability to delve deeper into the technical details of the provider’s systems, we found a provider that meets all security requirements AND all their servers are located in Canada.

Conclusion

In today’s technological world advances such as cloud computing are ideal for helping small businesses expand at a pace that is reasonable to them without a large initial investment.  Tackling cloud computing for business is different than simply utilizing iCloud or SkyDrive or the like for your personal needs.

When done correctly and with the right level of technical considerations, cloud computing can be the solution that propels your business to the next level.

Are you ready to take the next step?  Need help?  Give us a call here at Solve-IT.ca and let our experts assist you in picking the right solution to fit your business and industry needs.

The Nasty 5-letter Word

In the business world, the term “audit” is a nasty 5-letter word.  It often refers to financial auditing and is wrought with anxiety and countless lost hours of production.

Did you know that when it comes to technology, auditing can actually save you money and, in some cases, help you propel your business to the next level?

Not many people think about auditing their IT systems.  Computers tend to be a “put it in place and forget about it until it breaks” component of business.  The reality is you could be wasting a great deal of money by not regularly performing audits on your IT environment.

We equate this leakage to the same as a bad sealant on a window.  Sure, the window is in place and is functioning (for the most part).  On the surface, unless there’s a major crack, you don’t really see any issues but over time, you will notice your heating or cooling bills rise.  You may find water seeping in during bad storms and causing damage to the building structure.  Eventually it will cost you more to keep your current windows than to have them properly switched out and replaced.

So too is the slow leakage that comes with a business IT infrastructure that doesn’t have a proper monitoring and auditing system behind it.

The slow leak of your hard-earned profit…

As mentioned previously, it isn’t immediately apparent how you can lose money from an improperly maintained IT system but here are some common issues we run into that can easily be caught by a proper audit.

  • Outdated software that requires patches or upgrades
  • Equipment on the verge of failing and degrading in performance
  • Holes in your security that have allowed malicious software to enter
  • Loss of productivity from employees spending time on unauthorized websites
  • Missing or incorrect license keys which put your company at legal risk

Ignoring the issue…

Over time, the infrastructure can break down around you and suddenly you find yourself in an emergency situation.  Your hardware or software is failing.  You don’t know how or what to replace the equipment with.  You scramble to stop the incoming “seepage of water” that can cause permanent damage to the infrastructure of your business.

Audits to the rescue

Luckily, you can avoid a lot of this pain by having an IT audit performed.  Unlike its financial counterpart, IT audits can be relatively painless and cost you minimal time.

A well run audit

Obviously, there are many programs and people out there who claim they can perform IT audits.  If the audit is to be of value, it must contain some key points:

  • Inventory of all hardware and software connected to your IT system
  • Detailed listing of licenses for each critical application and serial numbers for hardware
  • Information around warranty status on each piece of hardware
  • Listing of firewall or security measures and ports open
  • Information on users and mail accounts (if hosted internally)
  • Information on server utilization and storage device space

How long does an audit take?

Normally, an initial audit should take no more than a couple of hours.  There is minimal involvement from your staff.  Rather, the IT technician should be able to perform the investigation with just access to your system.

How often should it be done?

The frequency of audits depends upon if you have another monitoring system in place to watch day-to-day activity.  With a monitoring system, you should only have to perform or update your audit when major system changes like across-the-board upgrades or new servers go into place.  Without a monitoring system to watch day-to-day traffic, you may want to consider a minimum of a yearly review of your systems to ensure all is still operating as expected.

Need help?

If you need more help or have further questions about IT audits, please don’t hesitate to give us a call here at Solve-IT.ca.  We’d be happy to answer your questions and work with you to provide you the best solutions to maximize your IT budget

What Is Wardriving and Why Should Your Hamilton Business Be Concerned?

If you happen to run a small business, beware! At one time, making sure our computers were locked to our desks and we had the right passwords were just enough to secure confidential corporate data. Maybe having your server locked in a secure room gave you the peace of mind that everything was secure. Times have changed especially since the invention of wireless networks. Today, crooks simply need a WI-FI connection to break into your office.

These Wardrivers drive around cruising neighbourhoods, shopping centers and office buildings looking for open or WI-FI networks that can be easily hacked into. All businesses are at risk! Small Business right through to large corporations can fall victim to a compromise of their WI-FI network. There are almost daily stories of corporations having their WI-FI networks hacked into and customer data compromised. A few years ago it was TJ Maxx; tomorrow it could be your business.

Right now, these wardrivers might make you a target. Here is how they will typically do it…

Wardrivers cruise around in vehicles, usually the ones with tinted windows to make sure no one outside sees what is happening inside the vehicle. Inside the vehicle will be laptops connected with long-range antennas that collect the list and locations of wireless networks. When they come across a vulnerable wireless network, they tap into it and steal credit card numbers and even personal information.

And if you are using an unsecure Wi-Fi standard called Wired Equivalent Privacy (WEP), you may be at risk. Consumer-grade WI-Fi routers (normally sold at your local office supply store) are often the targets of these wardriving attempts to hack into your business network. Your business might be using one of them. But the point here is that WEP’s encryption can be easily cracked with a little help from sophisticated tools by unsophisticated hackers, so it is time you reviewed your network security and our team of Hamilton IT security specialists can help you.

Just over a year ago, a hacker named Albert Gonzalez was convicted of stealing more than 130 million credit card numbers, most of which were robbed using wardriving.

What does your business need to be secure?

It starts with having a review of your overall business security systems, physical and virtual. It is great to have alarms on your building, controlled access to your business but what about your employees who connect from home via remote access or your WI-FI connection that is broadcasting to the world that your business is “open for business”. Having a trusted Hamilton IT support team like ours will ensure your network is completely secure, all possible gaps are filled and you can rest assured knowing that the right team is on the job.

Wireless networks are great and they are convenient. But what are the risks? Contact Solve-IT today to learn more about how to secure your business network.

Rogue Anti-Virus

Recently I have been onslaught with the latest generation of rogue anti-virus. When I run a series of system sweepers against the PC, the end result is that the rogue is no longer present but the user’s profile is still corrupted. When you log on as the local admin or domain admin, both uncorrupted profiles the PC behaves in a stable fashion. I have found the fastest and most effective way around the corrupted profile is to back up the user’s current profile on the PC. Delete the profile and add it anew. Restore any user data and you are off to the races, the user/client is happy and time is not wasted on a rebuild/reload of the OS and reload of all the applications.

So far I am two for two, I will keep you appraised of what occurs along the way.