Why are small businesses easier to infiltrate? They tend to have fewer safeguards in place than larger enterprises. Small-business owners erroneously believe that because they have fewer clients and therefore less data to compromise, they offer little enticement for cyber thieves. On the contrary, because cyber criminals can penetrate small businesses’ systems more easily, they will hit several small businesses in the same amount of time that it would take them to get past all the security measures of a large enterprise.

Email is still the most common form of communication used in business. Hackers know this and will use email to infiltrate a company’s system. They can do this via tainted attachments or hyperlinks. Other, bolder criminals will call or visit a business pretending to be network administrators or representatives from a security firm. Teach your employees how to recognize when someone is on a phishing expedition. One mistake could ruin your business and your reputation.

Data security is paramount to the success of your business. You are responsible for protecting your clients’ information. If their credit card information gets stolen because a hacker infiltrated your system, even if their credit card companies don’t make them pay for the fraudulent purchases, they will still blame you. Trust is one of the most valuable things you can get from your clients. Once that’s lost, it’s almost impossible to get back. In fact, some clients will never put their trust in you again. And they certainly won’t be referring any of their friends or colleagues to you. So, not only have you lost current business but also future business.

Besides making sure you install firewalls and update security software programs regularly, establish best practices for you and your employees to follow. Use complicated passwords that use numbers, symbols and capital letters. This makes them tougher to guess. Complicated passwords are also tougher to remember, so keep them written down in a small notebook that it’s store away from the computer. Change login passwords about once a month. Also, teach your employees how to recognize suspicious emails. To make it easier for people to remember to follow these best practices, you could post them in the break room and above copiers and fax machines. When it comes to recognizing suspicious callers or visitors, you could run regular drills. You could make them fun by offering a prize to the person who “catches” the most suspicious visitors. Or you could divide your employees into teams, depending on how many you have. Gift cards or branded merchandise could be offered as prizes.

You really can’t take too many precautions when it comes to protecting your company data. Your clients rely on you to keep them protected from cyber criminals, too, so anything you do to protect your business also protects your clients.

Looking for a trusted IT security firm to help you protect your business information and data?  Call us today.

With Microsoft’s Big Easy offer, small-business owners can receive partner subsidy dollars when they buy or renew current eligible open software agreements. Business owners can save 15% off Microsoft’s estimated retail price in subsidy dollars for single products or 20% off when purchasing two or more eligible products.

Although there’s still plenty of time for small-business owners to take advantage of this special deal, it won’t last forever. The offer ends March 31, 2012. Eligible products are Microsoft Office 2010, Microsoft Exchange 2010, Windows Server 2008 R2, Small-Business Server 2011, Microsoft Lync 2010 and SharePoint 2010.

Special savings aren’t the only reason why now is a good time to upgrade. Support for Office 2003, Windows XP and Exchange 2003 is ending. If small-business owners have computers that are still running the software after April 8, 2014, they can expect to receive no more new security updates, non-security hotfixes or free paid assisted support options or online technical content updates.

They have until July 14, 2015 for Windows Server 2003 and Windows Server 2003 SP2 Extended Support. They can learn more by visiting Microsoft’s blog.

Change can be scary and frustrating, but it’s a part of life. Those small-business owners who want to succeed in their industries need to stay current with the latest technological advances. The chance to save 15% or 20% in the process should make the decision that much easier.

According to Microsoft, despite being server only, clients will be able to access ReFS stored data. The new system has an NTFS base with new architecture and engineering that will accommodate 21^st century “storage technologies and scenarios.”

The NTFS semantics and features that ReFS won’t support are named streams, object IDs, short names, compression, file level encryption (EFS), user data transactions, sparse, hard-links, extended attributes and quotas.

Although ReFS and Storage Spaces can run independently of each other, Microsoft expects a lot of customers to use them in conjunction with each other. When customers use ReFS in conjunction with mirrored Storage Spaces, corruptions will be fixed automatically and transparently. Microsoft has also devised a way to deal with “bit rot,” which happens when parts of the disk develop corruptions over time that tend to go undetected because those parts aren’t often read.

“In order to deal with bit rot, we have added a system task that periodically scrubs all metadata and Integrity Stream data on an ReFS volume residing on a mirrored Storage Space,” said Surendra Verma, a Microsoft development manager on the storage and file system team. “Scrubbing involves reading all the redundant copies and validating their correctness using the ReFS checksums. If checksums mismatch, bad copies are fixed using good ones.”

Microsoft has several goals it hopes to achieve with ReFS such as verify and auto-correct data, optimize for extreme scale and never take the file system offline.

It may be more than a year before ReFS is ready to be used by the average consumer. In the meantime, anyone who is interested in learning more about it can do so on Microsoft’s MSDN blog.

The first step toward an effective e-newsletter campaign is identifying your target audience.

• What kind of product do you sell, or what kind of service do you provide?
• Are your customers businesses or individuals?
• If individuals, do you have a target age demographic or socioeconomic demographic?
• If businesses are your customers, what’s your industry focus?

All of these things and more need to be considered before you do anything else.

The next thing you need to consider is the goal of your newsletter. Do you want to cultivate new clients or retain current clients? Maybe you’d like to send out a newsletter that will interest new clients and while simultaneously helping you retain current clients. Another option is to have two separate newsletters. Depending on your budget, this could be a viable option.

There are several other things to consider before embarking on an email newsletter campaign, but those first steps are the most important. Now, it’s time to start thinking about the newsletter itself.

You can find templates online that facilitate creating attractive newsletters than won’t get relegated to junk status by spam filters. You can help that by creating a subject line for your e-newsletter that is not only more likely to get it delivered to your recipient’s inbox but also more likely to get it opened. If you include several articles in your e-newsletter, using a headline from one that is particularly relevant to your target audience is a good way to increase the odds that your e-newsletter will be opened.

Relevant content isn’t content that talks solely about your company’s products or services. This type of newsletter could end up being marked as spam by the recipient and then deleted. Relevant content is anything that your target audience might find interesting such as tips, current trends, interesting facts, etc. And advertising should be kept to a minimum and in the margins.

Formatting is also essential to an effective e-newsletter campaign.

• Short sentences and paragraphs are easier to read, as are bullets.
• Pictures help break up the monotony of text.
• A consistent font style will make your newsletter more attractive and give it a professional appearance. If you decide to use different fonts, it’s a good idea to use no more than two.

Some newsletters only have the introductory paragraphs of articles followed by links that lead to the companies’ websites for the rest. Make sure these links go where they’re supposed to go. Also check any links that appear in the body of full-length articles. The last – and probably most important – link to check is the unsubscribe link at the bottom of your newsletter. This one must work, and it must be included in every e-newsletter you send. One thing you don’t want to do is turn people off by denying them the option to unsubscribe.

When all of your preparations have been completed, email your newsletter to yourself. It’s a good idea to have Outlook, Apple, Gmail, Yahoo! and Hotmail accounts because they are the most commonly used. This will give you some idea how your e-newsletter will look to recipients when they open it.

A lot goes into creating an effective e-newsletter campaign. With the right preparations, you could create an email newsletter that keeps your business thriving – and growing – for years to come.

Just like creating an awesome newsletter for your business, you need to have the right team of IT service professionals taking care of you…trust us to help you with all your IT service needs.

One Windows 8 feature that will appeal to everyone is a faster boot up time. Who wouldn’t love to be able to log on to his computer and get to work almost immediately? For people who travel a lot or reboot their computers a lot (think IT professionals), this feature is especially convenient. Windows 7 boots up pretty quickly, so it will be interesting to see how many seconds Windows 8 will shave off of that.

Windows to Go is convenient for business use. Some business owners don’t want to store their companies’ data in the cloud because they find the security of Internet storage more than a little dubious. Windows to Go is for Windows Server 8 only; however, it will benefit businesses because IT professionals will be able to quickly transfer important data and apps from an employee’s desktop to his tablet PC or smart phone.

The Windows 8 Side-by-Side Apps for tablet PCs trumps even Apple’s iPad 2. With the Apple iPad 2, only on app can run at a time. With Windows 8, you can run two. This means you can have a webinar playing on YouTube while you browse the Internet to learn more about the person who’s presenting.

Windows Live SkyDrive integration is something that will benefit individuals rather than businesses. Windows Azure is better equipped to satisfy the security needs of business professionals. Anyone who’s ever used Google Documents has an idea what using SkyDrive is like. You can create, edit and share documents without cluttering your computer’s hard drive because everything is saved in the cloud. The bonus with Windows 8 is that you will be able to access data stored in SkyDrive via your computer’s Metro interface.

The last feature I want to talk about is the Task Manager. With Windows 8, the Task Manager will be more detailed – a great help for people who don’t have advanced computer skills – and easier to use. Users will be able to isolate whatever programs are failing and quickly shut them down. It’s hard to tell how much of an improvement this is going to be over Windows 7, which already plainly lists whatever applications a user has running. Shutting one down is as simple as selecting it and then clicking the “End Task” button.

The date when Microsoft makes its consumer preview of Windows 8 available to the masses is fast approaching. Those who are interested in giving it a try should know that it’s probably going to be better suited for tablet PCs and touch-screen computers than regular laptops and desktops.

Looking for a Microsoft partner to help you?  We are your trusted Microsoft partner and ready to help your business with all your Microsoft support needs.  Call us today.

Well, for individuals who plan to recycle or re-use their hard drives, one option would be to download free hard drive erasing software, such as Freeraser, KillDisk or SDelete. If you’re leery of downloading freeware from the Internet – as you should be – then you can buy software like WipeDrive for as little as $20. But that’s for individuals or small-businesses with fewer than 10 employees. But what if your small business has 20, 30 or 50 employees?  Is erasing computer hard drives really the best use of your IT team’s time? Probably not.

Fortunately, it’s not necessary for small-business leaders to spend time wiping clean every hard drive on every desktop or laptop computer that they plan to recycle or discard. Just as you can shred paper documents before throwing them in a recycle bin or dumpster, you can also shred or, more accurately, have shredded, any hard drive that you no longer plan to use for your business.

If you’re going to do that, then you probably should check, double check and triple check to make sure that all relevant or mission-critical information has been transferred and stored elsewhere. The same thing applies to small-business leaders who decide to completely erase their computers’ hard drives. Once that data is gone, it’s gone forever.

Hard drive shredding must be catching on because there are a few companies already offering these services. Data Killers, for example, offers hard drive shredding, hard drive erasing and degaussing (another way to wipe clean a hard drive that renders the hard drive unusable) services, on site and off site, for corporations and government agencies. Federal Document Shredding also provides on-site shredding for small and large businesses, government agencies and health care facilities. The company is HIPAA compliant and even offers x-ray destruction services. PC Recycler, Inc. offers its services not only to corporations and government agencies but also to individuals in the Virginia, Maryland and Washington, D.C. areas. For only $10, an individual could bring the hard drive from his PC to one of PC Recycler’s “shredding events” and watch as the hard drive is torn into tiny bits. As with Data Killers, PC Recycler offers on-site and off-site shredding services to businesses.

It’s more than a little daunting to think about where your last computer went and who’s using it, especially if all you did was reformat your hard drive before donating your computer to Goodwill or selling it to a pawn shop. Individuals and small-business owners who want to ensure the data on their hard drives are forever inaccessible, could use software like WipeDisk or Freeraser to wipe their hard drives themselves if they don’t want to hire a shredding service. But for leaders in larger businesses, hiring a service like Data Killers or PC Recycler to come in and do the wiping or shredding for them really is money well spent.

The US Patriot Act justifies using things like roving wiretaps, to which President Obama, granted a four-year extension in May 2011, by saying they will help protect US citizens from terrorists. After 9/11, that’s a very real concern; however, it doesn’t justify arbitrarily singling out certain US citizens and investigating them, which can happen under the provisions of the Patriot Act. Now, Canada’s Conservative government is trying to justify invading the privacy of Canadian citizens by saying he wants to protect children from Internet predators. Except for predators themselves, who doesn’t want to do that?

In the US, even with roving wiretaps, authorities have to first, prove probable cause, then get a warrant or a court order before they can invade a suspect’s privacy. Such will not be the case if Canada’s “lawful access” legislation actually gains traction and becomes law. Under the new law, Internet service providers and cell phone companies would have to turn over to authorities – whether they have warrants or not – a citizen’s name, address, phone number, email address and ISP address on demand. But, the bill states, authorities would not have access to the content of the citizen’s communications. Under current legislation, if the police don’t have a warrant, then access to the aforementioned information has to be granted voluntarily by the person in question. That doesn’t mean that warrants will be done away with altogether.

According to the way Bill C-30 – as it’s called – is worded, judges would have more latitude when issuing warrants to authorities. It would allow judges to not only authorize wiretaps but also “grant all other associated warrants or orders.” All warrants and orders related to the wiretap would have the same expiration dates, and they would be automatically sealed. But the bill’s longer name implies that government’s greatest concern is for protecting its most vulnerable citizens from threats via the Internet.

Here’s what the bill says verbatim about how it will address cybercrimes:

“Bill C-30 would help to better address cybercrime and crimes committed using modern communication technologies. Examples of these include:

• enabling police to safeguard computer data for a limited period of time through a preservation demand so that a warrant or production order can be obtained prior to the computer data being deleted;
• modernizing the number recorder warrants provision (for telephones) by expanding it to include all forms of telecommunications (transmission data recorder warrants);
• allowing for the police to trace and identify the originating service provider involved in the transmission of a specified communication; and
• raising the judicial threshold to authorize a tracking warrant from a suspicion-based to a belief-based standard in situations involving the tracking of an individual’s movements (by identifying the location of a thing that is usually carried or worn by a person, e.g., cell phone).”

The implications and possible ramifications of such a law are more than a little frightening.

Those that received a critical rating – of which there are more than 20 – are, of course, the most vulnerable to “remote code execution.” As Microsoft explains it, “a remote code execution vulnerability exists in the way that the msvcrt DLL calculates the size of a buffer in memory, allowing data to be copied into memory that has not been properly allocated. This vulnerability could allow remote code execution if a user opens a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. He could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Naturally, if an attacker gains access through a restricted account, she will not be able to do as much damage as one who gains access to a computer through an account with full administrative rights.

These vulnerability issues are especially relevant to people who use Internet Explorer as their default browser. The severity rating is critical for Internet Explorer 7, Internet Explorer 8 and Internet Explorer 9 users on Windows clients. For Internet Explorer 7, Internet Explorer 8 and Internet Explorer 9 users on Windows servers, the severity rating is moderate.

The good news is that hackers can’t force users to go to malicious websites. Instead, users have to be persuaded to visit malicious websites or open tainted email messages. Sometimes, the email messages themselves are clean but contain links, which lead to malicious websites, that users are invited to click.

People can access updates through the Microsoft Update and Windows Update sites or the Microsoft Download Center. According to Microsoft, those who have set their computers to seek and install updates automatically are already protected.

Microsoft acted quickly to protect its customers from harm once it detected vulnerabilities in its programs. Anyone who uses Internet Explorer 7, 8 or 9 and doesn’t have his computer set up to install updates automatically might want to act quickly.

Need help ensuring your network is as secure as possible?  Give our team of trusted IT security specialists a call immediately.

• Increased productivity- Businesses are established to fill the need for a product or service while providing a livelihood for the business owners and their employees. In order to do this, businesses have to ensure they are working at full capacity at all times. Downtime or work performed at reduced levels is time and money wasted. Managed Services can help businesses not only quickly repair problems when they occur but also act as a proactive measure to spot and treat potential problems before they have an impact on productivity.
• Supports in-house IT- Many businesses do not want to relinquish all IT maintenance control to an outside party, and small businesses do not always have the resources to support the type of IT department needed to keep their business running at full speed. A majority of businesses can benefit from adding the expertise, tools and availability of a Managed Services Provider to help support in-house IT departments.
• Remote services- Managed Services Providers work from a remote location, providing desktop, email and back-up and recovery support services without adding to the actual number of “employees” on site. The services provided are unobtrusive and in the majority of cases, have no impact in the day-to-day activities of current in-house employees.
• Affordable- Generally when you bring on a Managed Services Provider, a consultant will perform an onsite assessment of the company, its workflows and processes and the current state of its supporting technology to determine what services are needed to meet organizational goals. Business owners often have a choice between several different levels of service, making it possible for a company with a limited budget to choose a package that best suits their needs.

Security is a big concern for business owners and individuals alike. In the past, business owners have been reluctant to entrust secure or private information to a third party, offsite vendor. As Managed Services Providers continue to prove their value, more companies are realizing the benefits and value of their services. Managed Services Providers continue to improve technology to provide secure, quality services for businesses of all sizes. As a result, smaller businesses which operate with leaner budgets find themselves in a position to reap the benefits of these services. Business owners often have to make difficult decisions regarding how they will improve their business while sticking to the budget. As the market for Managed Services experiences continual growth in the next few years, this method of IT maintenance and service delivery will likely become the “norm” for small to mid size businesses looking to reduce costs and improve uptime and business continuity. Companies that recognize the benefits of Managed Services will have a jump on their competition.

Content by Managed Services Provider University

This is a fairly long read, however we urge you to chip away at it when you can. Every business owner should all be keenly aware of the security threat landscape. Ultimately it will help us protect our systems (both in the office and at home) more effectively.

As always, please contact your trusted IT security team with any questions or concerns.

Download the report - Sophos Security Threat Report 2012