Documentation - The Key To Client Support Success

Recently, we won the trust of a new client that was unhappy with the service provided by their previous IT company.  After the client notified the old support company that we would be taking over, we scheduled a transition meeting to insure that all aspects of the old environment were adequately explained and all passwords to be changed were identified, support documents were to be identified, known issues discussed and software licenses and such were in place prior to the cut-over.

Obviously, before we even agreed to take on the new client we had done some of our homework on their environment of servers, software, connections and computers.  I arrived at the meeting with our basic documentation binder already started and I hoped that the other support guy could supplement our package with his 7 years worth of accumulated information about the client and their environment.

Sadly, when the previous support guy arrived, he arrived empty-handed and the first words out of his mouth when he saw our manual was "Wow, you do documentation!  This customer is going to LOVE you."  UH-OH!  He never wrote anything down!  I could see that this meeting was NOT going to go well.

As we worked through my 4 page checklist of questions about the network, the support guy answered most of the questions from memory but he did have some glaring problems providing some answers that he "was going to have to get back to me." because he couldn't remember.

There also turned out to be some serious problems with software license ownership that he was going to have to straighten out, not to mention explaining why one of the clients servers was in his office instead on the client premises and why it hadn't yet been returned.

Too many questions received answers that included the words "probably" and "I think".  I'm not sure how uncomfortable the client was when he heard those qualifiers but it sure set off alarm bells in my mind.

Sure, we will work out all of these problems.  That's what the client hired me to do but that's not the point. 

Is there are dollars and cents consequence to not having documentation?  Absolutely!  When assignments change within a support organization, lack of documentation will increase the time it takes for the new tech to "read in" to the new situation which will cost you money.  Lack of documentation also leads to technician mistakes which will also cost you money.  If you have auditors for your business, they'll wind up spending extra time searching through inadequately documented networks which also costs you.

A significant number of IT guys are inherently "Wing it!" kind of people that don't want to take the time to write anything down unless forced to.  Everything is kept in their head with little if any paper trail.

That create problems for clients.  Regulatory compliance and good business practices dictate that everything be documented aka written down cogently and stored someplace safe.  IT support also requires a certain level of discipline to keep things organized.  Technical wizardry is a wonderful thing but without the systematic controls to keep it all organized it can create even bigger problems for an organization.

When businesses select an IT support company, it's important to make sure that their important business processes and business assets are properly documented.  If something happens to your business or the relationship with your IT provider goes south, how will you be able to continue a smooth business process if everything is kept in someone else's head and that person could disappear without notice.

As the other guy got up to leave as we finished his exit meeting, I wonder if he gave any thought at all to the fact that if he had only paid a little attention to writing things down and keeping even basic control of his support process, he might have kept that account and I might never have been invited in to take over.

Tired of letting your IT support team "wing it"?  Why don't you give us a call and we can help restore order to your network, exercise some operational controls and help reduce your IT Support costs.  Call ACT at (847) 639-7000 or e-mail me at jhoffman@act4networks.com.

Read More

Going to the Cloud is easy, getting out is a lot tougher!

Everyone is pushing you to take your business to the cloud, right?  It's easy, right?  The sales rep used all the right words in his pitch.  Lower cost!  Let them handle the infrastructure issues!  It's in a safe off-site data center! 

All of that may be very true BUT . . . and there's a BIG but . . . what happens if you don't like the way the program operates once you're in or your needs change and you want to move on to something else?

Nobody ever talks about getting your precious data out of the cloud once you've put it out there.  Certainly the sales reps never expect you to leave so they never mention it.

We've recently been asked to help a client get out of a cloud application now that they've found that it doesn't work all that well.  Contacting the cloud vendor about getting the client's data back was a real experience.  Of course, their initial reaction was "Gee, no one have ever asked to leave before!".  I won't belabor the point that the vendor software never worked as well with live data as it did in the demo.  Let's just say that the client's staff was frustrated beyond words trying to get their jobs done with it.

After the vendor's staff got over the shock of someone actually not liking their software or their support service, they admitted that they would have to find out from their tech staff how to extract the data.  Finally, the call came about returning  the clients data and the essence of the conversation was "It's gonna cost you! And not just a little, a lot!"  Then they hit me with the kicker.  When they return the data, it will be in a format that will be virtually unusable unless we write our own data extraction program to reformat it into something we can use.

They've got our client over a barrel!  Either they pay the "export fee"/ransom or they don't get their data in electronic format at all.

A WORD OF ADVICE BEFORE PUTTING YOUR BUSINESS OUT IN THE CLOUD - Always consider your exit strategy from any application whether it be server-based or cloud-based.  Your business changes and you may need to change software someday.  If your data needs to be pulled out of a program on your server, at least you have the source data in hand.  If your data is out there in the cloud, you don't have that luxury.  You're at their mercy if you want to get it back.  Make sure you always have an exit strategy and your vendor has detailed for you the steps (and costs) of moving on to a new vendor.

PS.  Get it in writing!

Need guidance on software vendor selection?  Call ACT at (847) 639-7000 or via e-mail at support@act4networks.com.

Read More

Server Configuration - Heaven Save Us From Well-Meaning Amateurs!

How do I tell the client what their old tech did to them?  They've got to spend a bunch of money to correct the mess he made and I'm the one that's got to break the news to them. He made some very bad decisions when building out their servers and now they've got to spend a bunch of money to fix the mess.

We just inherited 2 servers at a new client we recently acquired.  The servers are reasonably new and from the outside they looked fine . . . and then we looked inside.  Each server was running 2 virtual servers using Windows Server 2008 STD R2.  On one VM the tech had a Micr0soft SQL data base running.  On the other, he set up an Exchange e-mail server.  Both of those programs require a significant amount of RAM memory to run correctly.  Was it there?  Not by a long shot!  To fix the RAM problem is going to require the client to buy at least 3 times the amount of RAM currently installed just to meet the minimum requirements of the operating system and the loaded programs.

Uh, did I mention the old tech forgot to license the SQL and one of the Windows servers?  OOPS!  Just a small detail the old tech forgot to mention.

To complicate the matter, the old tech had the client buy two CPU's for each server.  Not a bad idea, UNLESS you skimped on the amount of RAM installed in the first place.  Because each CPU in the server requires it's own allocation of RAM memory, he had to split the already insufficient RAM into two RAM pools cutting the usable RAM in half making things even worse.

It got worse when we looked at his hard drive configuration.  He bought SAS 15,000 rpm hard drives which was good but he bought the smallest sizes available.  That's a BAD idea in today's world of exploding storage requirements.  Those drives are filling up fast and will inevitably need to be replaced soon.  For a few hundred dollars more he could have doubled the storage capacity of the servers by buying higher capacity drives or if he slowed the rpm speed of the drives down to SAS 10,000 rpm he could have saved a few hundred dollars and more than doubled the storage capacity of the server.  As it is, probably within a year, the client will be forced to replace all of those drives in each server with hirer capacity drives when they fill up.  It's very predictable that servers supporting data bases or e-mail servers will grow exponentially each year unless regulated very closely.  By nature companies seldom control or even monitor their stored data very well if at all.

Want one more example of amateur hour in the server room?  The old tech configured each server with redundant power supplies.  That's normally a great idea . . . unless you only plug one of them in and leave the other one off.  It doesn't do anybody any good that way!

Think if buying a new server?  Here's some advice from someone who's been installing servers for a long time.

1. Make sure you verify that  your application software will actually run on Windows Server 2012.  Some applications won't run on it because application software frequently lags behind the O/S and isn't compatible. Then you'll be forced into running an older version of Windows Server as a VM (virtual machine) to keep that software running.
2. Make sure you purchase enough RAM for your server.  Failure to provide enough RAM will result in lousy performance.  What's enough?  We seldom advise using less than 16GB of RAM in a new server.  More than 1 CPU in your server?  You should probably be thinking of16 GB of RAM for each CPU.  Rule of thumb should be 16GB minimum for each instance of Windows Server running on your physical server if you want decent performance, add 8GB for your hypervisor if you're running VMs and then add whatever RAM your application software requires.  Running SQL or Exchange?  Add at least 16GB for each of those and we don't recommend running them both on the same server unless you really ramp up your CPU and RAM capacity.
3. When buying Windows Server 2012 STD remember that you can run 2 instances of Windows Server but only if they are run on the same physical server.  You can't run them on different boxes so if you're running a VM environment you will save some money  vs. the way that Windows 2008 and earlier versions were licensed.  User or Device CALS (client access licenses) are NOT transferrable from older O/S versions.  Remember to re-buy your CALS when upgrading your O/S.
4. Only retain Windows Server 2003 environments IF your old application server requires it.  It's no longer supported and will be a headache if you insist on keeping it alive. 
5. Buy as much hard drive capacity as you can afford.  Don't cheap out!  Also remember that RAID hard drive redundancy (which is a must!) cuts you native capacity by up to half (1/3 for RAID 5).  Depending on the size of your organization, your needs may vary but even a small organization shouldn't consider less than 1 terabyte of available storage capacity AFTER your RAID is installed.  It's better to buy big once than have to replace your hard drives in just a couple of years.
6. Device redundancy is a wonderful thing.  Whenever possible use it - hard drives, network interfaces, power supplies, everything possible.  Just remember to use them if you buy them.  That un-connected redundant power supply we discovered was virtually worthless unless it was plugged in.

Bottom Line?  Don't trust your servers to someone who's only qualification is that he knows how to spell PC.

For help with your next server or assistance fixing the one you already own, call ACT Network Solutions at (847) 639-7000 or e-mail support@act4networks.com.
.

Read More

The CryptoLocker battle continues - part 2 - paying the ransom

In my last post I talked about a client network that was devastated by CryptoLocker.  A local competitor had unsuccessfully tried to remove the malware before first determining whether the client had a good backup of their data. 

By the end of the first day, we had exhausted all possible sources of backup copies of their server and data files and it was obvious that their only option was to trust the hackers word that if we paid the ransom they would send the decryption key to restore the data.

The ransom can only be paid in one of two ways.  Send them 2 Bitcoins (value about $460) or use a Green Dot prepaid debit card to transfer $300 to them through the malware program itself.

First through, for the first time in our 25 year history, we actually had to re-install the malware that had been partially removed by the first company to pay the ransom.  Then we had to wrestle with the CryptoLocker payment screen to get it to accept the payment before finally getting the decryption process started.  The decryption program has been running for 2 days so far and has reported that it has restored over 75,000 files and failed on about 50. 

We can't tell whether the decyption is working fur sure because it's still running and it looks like it's going to run another day or so based upon a rough estimate of the number of files the client thinks are lost. 

So far, the client has lost 3 days of office and technical staff productivity. 

This was a hard lesson to learn and even if paying the ransom worked and the client gets back most of their data it's going to be an expensive one.  We've probably still got a day of work left cleaning up this mess across the network on the server and all of the other workstations and then installing a reliable data protection system.

Stay tuned, the program is still running.  Find out if the hackers were true to their word and if the data comes back after the ransom was paid.

Have similar concerns about the safety of your business data? 

Call ACT today @ (847) 639-7000 for a free consultation.

Read More

CryptoLocker Strikes Again With Disasterous Results

The battle with CryptoLocker continued today but this time with a twist.  A client called for help today because a local competitor had visited them yesterday to remove an infection of CryptoLocker.  After working on it all day, the clients problem was worse than ever and the competitor had to leave to "deal with other obligations".  Talk about being left high and dry!

What made the problem so severe was that this client didn't have ANY backup to restore the corrupted files on their server caused by this software.   Yes, they had backup software.  Yes, they had a tape drive.  No, the backup hadn't been run in 5 years and nobody noticed!
Through normal human failure, backing up the server fell through the cracks and now they're faced with a scrambled server with no fallback solution.

This latest version of CryptoLocker is also much more aggressive in the corruption of files.  Earlier releases targeted Microsoft Office files, graphics and acrobat files.  This version wipes out almost everything it touches including WordPerfect files, AutoCadd files and many, many more.  It encrypts every file on every mapped drive that the infected PC is connected to including the server and any storage devices.  The encryption level is very high and nobody has been able to crack the encryption to-date.

Without a backup the client doesn't have many options for recovery and one of them is to pay the $300 ransom and hope that the hacker that created this malware will actually provide the decryption key to undo this mess.

We've spent most of the last day trying to undo the damage the competitor did by only "halfway uninstalling" the malware so we can get the ransomware working well enough to pay the ransom because the server contents are trashed without much hope of recovery.  We're still working on it though!   

Stay tuned for further updates . . .  we're not walking away from this customer like our competitor did!

When we get the clients server stabilized, the client has already signed on to adding our DataVault Backup Solution to their business which is fully automatic and has our technician monitoring service keeping track of their backups.  Each day they'll also get a confirmation e-mail verifying that their data has been backed up and protected to ease their mind about ever having to deal with a nightmare like this again.

Have similar concerns about the safety of your business data? 

Call ACT today @ (847) 639-7000 for a free consultation.

Read More

Support for Windows XP and Office 2003 stops on April 8th.

All Microsoft support for Windows XP and Office 2003 stops on April 8th.

What are the risks to your business if you don't upgrade?

Let's be real here, unpatched systems are an open invitation to hackers to exploit your systems and your network.  Companies that continue to run Windows XP face the risk of increased hacking attacks. Small businesses are often targeted because they lack sufficient protection, and cyber-criminals sometimes use them as a stepping-stone to larger targets. In 2012 we saw a 30% increase in such web-based attacks.

Security & Compliance Risks: Unsupported and unpatched environments are vulnerable to security exploits. This may result in a recognized control failure by an internal or external audit body, leading to suspension of certifications, and/or public notification of the organization’s inability to maintain its systems and customer information particularly if you’re in a regulated industry.

Lack of Independent Software Vendor (ISV) & Hardware Manufacturers support: A report from Gartner Research suggests that many independent software vendors (ISVs) are unlikely to support new versions of applications on Windows XP.  The longer you hold off, the more common this will become and the more support hassles you'll encounter.                

 Are there hidden costs to staying on Windows XP  or Office 2003?

Yes, staying on Windows XP after the end of support date means paying for increased support costs and potential compatibility problems with new application software not to mention other organizations that use more up-to-date Office applications that your version of Office probably won't process correctly.

Just one exploit of your computer network through an unprotected PC will cost you MUCH MORE than the cost of keeping your network PC's up-to-date and protected properly.

Do you have a migration plan for upgrading these products?  Call ACT at (847) 639-7000 and we'll help you find the best and most affordable way to upgrade your network.

Read More

Beware Hacker Watering Hole Exploits

Beware Hacker Watering Hole Exploits

What’s a Watering Hole Attack you ask?  Hackers can use either of two distinct tactics to compromise your computer and steal information by trying to infect a popular web site or a Wi-Fi hot spot.

Everyone that’s watched a nature film understands that in the wilds of Africa predators hang around watering holes looking for weaker prey.  When the prey wanders into reach, the predator pounces. That’s the principle here but in this case, they want to steal your information one way or another.

In the first type of watering hole attack, hackers take advantage of the fact that their victims often visit popular web sites like shopping sites, community sites and business information sites. Then they exploit or “poison” that location to achieve their objectives by embedding code that can infect weakly protected computers that can then be used to send spam, steal critical information from that PC or turn that computer into a zombie that will respond to remote commands for attacks on other computers or networks.   The malicious code on the infected web sites frequently use vulnerabilities in web related programs that enhance web and browser functionality like Java scripts, Acrobat Reader and Flash Player which individual PC owners are notoriously lax at keeping up to date.  You browse to a seemingly harmless looking web site and WHAM the site exploits an out of date version of one of these modules and embeds the hackers code on your PC to do their bidding.  

Another type of Watering hole exploit tactic is to infect a Wi-Fi site so that users that visit that location can be “listened to” or infected when they sign on.  For instance, many large companies have a local coffee shop, bar, or restaurant that is popular with company employees.  Attackers will create fake wireless access points for unsuspecting people to use in an attempt to get as much private information as possible.  Victims are often more relaxed and unsuspecting because the targeted location is a public or well known place.  Have you ever seen multiple open connections at a Starbucks, a McDonald's or at the airport?  These could be watering hole Wi-Fi sites just waiting for you to stop by for a brief visit.  That’s all it takes! 

The hackers can then sniff unprotected data from the data streams sent between their unwitting victims and their intended remote hosts. You'd be surprised how much data, even passwords, are still sent in clear text.  This is a perfect spot for keyloggers to intercept your sign-in information to private areas and send it to a “listening” device for later use by someone else.  They can even search through the data on your PC without you noticing.

 

Want some simple advice?  Make sure you keep ALL software components of your browser and operating system up-to-date at least weekly.  Never sign into an unprotected Wi-Fi hot spot without checking it's authenticity with the location management first.  Finally, keep your anti-virus/anti-malware software up-to-date DAILY!

Unsure if your business notebooks and PC’s are properly prepared for either of these hacker exploits?  Give ACT Network Solutions a call at (847) 639-7000 for a free consultation.

Read More

Beware Fake Microsoft Tech Support Calls

Yesterday, I encountered a fraud scheme first hand that was new to me.  I'd heard of it but I've been in the PC business for over 25 years and never experienced this before.

I was making a rare home PC support call as a favor to one of my corporate clients.  A member of his family was doing the company bookkeeping from home and had reported that their computer was running "slow and funny" so I stopped by to check it out.

As expected, it had some malware and a bunch of "Free" toolbars on their browser.   As I was removing them and cleaning up the system, the phone rang.  When the client answered the phone, the caller identified himself as a Microsoft technician calling because the clients computer was broadcasting error messages that he wanted to help them fix.  The client handed me the phone to let me take over the conversation and playing along with the caller, we determined that "all he wanted to do was help us fix our computer".  All we needed to do was go to a web site and click on a link that would let him fix the PC and "Of course, there would be no charge!"

That action would have allowed that caller access to the client computer to extract whatever information they wanted and install whatever malware they chose to use.

WARNING TO ALL READERS!  MICROSOFT DOES NOT MAKE UNSOLICITED SERVICE CALLS!  They don't sub-contract with anyone that does either.  This was a fraud attempt, pure and simple. 

In this instance, the caller had an Indian accent but that may not always be the case.  This scam has been going on for years and is often traced back to India but others have tried it was well so keep in mind legitimate technicians do not make unsolicited service calls.

Read More

Fighting The Destructive Cryptolocker Ransomeware

A panicked call came in this morning from a corporate client reporting that there were files on their file server that couldn't be read because of a message reporting an invalid file type for that file.  The client was worried because these were important Excel, Word and PDF files which worked fine yesterday.  A second call followed the first almost before we could hang up the phone from another user reporting even more files that were no longer usable.  The problem of unusable files appeared to be spreading like wildfire across their network!

What was the cause?  It was a reasonably new Ransonware program called CryptoLocker and it's pretty devastating.  Here's what we know:

CryptoLocker arrives either an attachment to an e-mail or as a download from an infected web site.  In most reported instances it requires the user to click on the attachment or reply yes to a download prompt from the infected web site to deploy.

It will rapidly begin encrypting every MS Office (Word, Excel, PowerPoint etc) file, PDF file, audio files and graphic files it can see on the network.  The encryption is very high level and most technicians report little success in unencrypting the files.  In the instance we encountered today, all of the affected files and folders had their modified date time stamp set to the time of the infection.

In some instances, the program changes the PC desktop background to a red splash screen identifying itself.  It then displays a warning screen about the encryption and gives the user 72 hours to send $300 for the decryption key complete with a count-down clock to add emphasis to the fact there is a deadline to pay their ransom.

What do you do if you find yourself infected?

First and foremost, if you're on a network, immediately disconnect the PC from the network by logging off or removing your network cable (or disable your wireless card) to minimize the potential damage.

Here's how to remove CryptoLocker:

Restart your computer in SAFE Mode.  Choose the “Safe Mode with Networking” option.

When Windows starts with the word SAFE in each corner of your desktop, launch Windows Task Manager by pressing keys Ctrl+Alt+Del, search for CRYPTOLOCKER processes and right-click to end them.

Open the Control Panel in the Start menu and search for Folder Options. When you’re in the Folder Options window, click on the View tab, check Show hidden files and folders and uncheck Hide protected operating system files and then press OK.

Click on the “Start” menu again and then click on the “Search programs and files” box, Search for and delete these files created by CryptoLocker:

• %AllUsersProfile%\random.exe
• %AppData%\Roaming\Microsoft\Windows\Templates\random.exe
• %Temp%\random.exe

 

Open the Registry Editor by opening the RUN option in the Start Menu and typing REGEDIT in the Run box and click “OK” to proceed. When Registry Editor is open, search and get rid of the following registry entries:

 

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[RANDOM HARACTERS].exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Random
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” =Random
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\Random.exe

You can then reboot the computer normally to check whether the virus is completely removed or not.  You'll know if it's gone if the CryptoLocker warning window doesn't return but we recommend running your anti-virus program update and a full scan as well as a running program like MalwareBytes as an additional precaution.  You should then be able to reconnect your PC to the server.

 

Be aware that your Desktop will probably still have the modified background but you can easily restore your desktop using the Display option in Control Panel. 

 

If there can be any good news about this ransonware, it's that it currently doesn't appear to be able to cross-propagate across the network from the infected PC so it's does seems to stay put at the initial point of infection.

 

The bad news is that it's very unlikely that you'll be able to recover or decrypt any files that this program encrypted.  Hopefully, you've kept a recent backup copy of all of your critical files and can restore those that were damaged.  If not, you're probably out of luck getting those files restored.

 

If you haven't protected your PC and server data yet, why not give ACT a call for a free 30 day trial of DataVault Files And Folders.  It's the easiest way to keep a secure backup for all of your critical business files.  You can arrange for your free trial by calling us at (847) 639-7000.

Read More

When It's Time To Fire A Customer

What?  Isn't that backwards?  Isn't it the customer that usually does the firing?

Usually, as business people, we work so hard to find and cultivate new clients that we hang onto those relationships with all of our might.  Sometimes though, it's important to recognize that not all client relationships turn out to be good for our business and sometimes they can grow downright toxic.

There is a philosophy in business circles these days that subscribes to the theory that every business should "fire" the bottom 10% of their client base each year. The theory is that you should cull your weakest clients and replace them with stronger, more beneficial relationships. I'm not sure I totally agree with that philosophy completely but I do know that there are some occasions when it's better to rid yourself of burdensome clients.

We just went through a situation where it was just better for us to tell a client to take his business elsewhere.  Over 25 years we've fired maybe 5 customers.  Sometimes it is really easy.  Sometimes it's not.  This one was a bit painful but in the end was best for our business.

What are the signs that you should fire a client?

• When you cringe when you find out that a particular client is waiting on-hold.
• When your staff starts drawing straws to determine who has to visit that client.
• The only time they pay their bill is when they have another emergency they want solved.
• When they consistently blame their mistakes on your staff.
• When they consistently ignore your advice and still blame you when what you told them what would go wrong does.

It's never easy to fire a client, but sometimes it works out better to just say "Life's too short and you're just not worth the grief."  Maybe for some you say it under your breath but sometimes it needs to be said out loud.

Read More

Using the Cloud? Have you got a backup Internet connection?

As organizations become more dependent on their Internet connection for business continuity, the importance of a second "fail-over" connection must be considered.  Loss of access to Cloud applications, e-mails, instant messaging and Internet resources can cripple a business if their primary Internet provider interrupts their service.

What do you do if your Internet line fails for whatever reason?  My company, ACT Network Solutions, supports Senior Living Centers, medical facilities and other organizations that are now taking advantage of services provided in the cloud.  In the "good old days" of on-site server-based programs, services could continue, albeit with some inconvenience. Maybe e-mail stopped flowing for a little while and that was tolerable (hopefully).  Now, critical services such as treatment plans, charting and medication records are frequently in the cloud.  How do you handle immediate issues when you've put your data out of the physical reach of your staff.

It's time to start thinking long and hard about a second Internet connection to take over if your primary line drops off-line. 

The second line is referred to as a "fail-over" line because it can take over if the primary line fails.  It keeps your access to your critical operational data up and running now matter what.  Properly configured, the fail-over line or "shadow line" just assumes the flow of traffic without any loss of productivity. 

Your second line doesn't even necessarily have to be as fast as your primary circuit because, after all, it's only used in emergencies. It should be able to keep you and your cloud connections going until service to your primary connection is restored.   BUT . . . it must be able to handle your processes in a reasonably timely fashion.

Never trust both lines to the same vendor or the same media either.   If you're using a cable Internet provider for your primary Internet line, consider a provider using a different media for the second line.  For example, one of our senior living centers uses a cable provider for their primary broadband connection and a slower AT&T service for their backup.

This type of connection issue is often overlooked in organizational Disaster Planning maybe because it's such a simple thing.  Maybe you're so focused on "major" disasters that we overlook "the little ones".  It's the less obvious things that can get us into trouble more often than we'd like to admit.

For those of you who are thinking to yourself  "Aw, that will never cause US a problem!  Our line is up 99% of the time.  We can live with a little downtime."  Really?  If your organization rules a 24 hour operations, 99% means you're off-line over 3.6 days per year.  Can you really live with that?

Jeff Hoffman is president of ACT Network Solutions, for more information on how to protect your business from IT network interruptions or business continuity issues call ACT at (847) 639-7000 or e-mail jhoffman@actnetworks.com.

Read More

HIPAA Omnibus Rule Compliance Deadline is Near. Are you ready?

The Omnibus Final Rule (Omnibus Rule) was released on January 17, 2013.   HIPAA covered entities and business associates are required to be fully compliant with the Omnibus Rule by September 23, 2013.  Are you ready?

In order to comply with the Omnibus Rule, organizations must update their internal privacy policies to reflect the changes to the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule.  Here is a quick summary of those changes:

Release of Decedents’ PHI.

Under the Omnibus Rule, the definition of “protected health information” now expressly excludes the health information of a person who has been deceased for more than 50 years. In addition, the Omnibus Rule provides that providers may disclose the PHI of a deceased person to such person’s family members, relatives or other individuals indicated by the deceased, who were involved either in the deceased’s care or the payment of care. Providers may disclose only PHI that is relevant to the family member, relative, or friend’s involvement in the deceased’s care. PHI cannot be disclosed if the deceased person expressed a prior preference for it not to be disclosed.

Patient rights to limit disclosures. Under the Omnibus Rule, your organization must comply with a patient’s request that PHI regarding a specific health care item or service not be disclosed to a health plan for purposes of payment or health care operations if the patient paid out-of-pocket, in full, for that item or service.

Providing electronic copies of medical records.  Providers must comply with a patient’s request for an electronic copy of his or her PHI if the records are maintained in an electronic format and are readily producible in the requested format.

Changes The Breach Notification Standards.   

The Omnibus Rule changed the standard for determining whether a breach of unsecured PHI has occurred, and what steps the provider must follow.  In essence, your internal policies must reflect how you will respond to a potential breach and must be spelled out more completely and the requirements are now tighter. Once the new standards are reflected into your policies, you should no longer use your previous breach standard, even for breaches that occured prior to the Omnibus Rule’s compliance deadline.

Marketing and sale of PHI.

Under the Omnibus Rule, the marketing or sale of products based upon patient PHI is generally prohibited. Generally these prohibitions don’t apply if your organization has received valid authorization from the patient.  Organizations must also ensure that any definitions of “marketing” and “sale of PHI” in their policies complies with the revised definitions and standards under the Omnibus Rule.

HHS has posted on its website the audit protocol derived from the recently completed audit pilot program. The audit protocol provides a helpful list of the items that an auditor will review when assessing whether a covered entity is in compliance with HIPAA.

After the policies are finalized, your organization should formally adopt and approve the policies in accordance with any procedural requirements in your governing documents or standard operating procedures.

Staff Training Requirements.

Any time your organization updates its privacy policies, workforce members should receive training on any new and revised policies. In particular, management and higher-level employees should be fully trained on the new breach standards.

Training is important component of compliance with HIPAA and the HITECH Act. Security training should be documented and maintained in your event training logs. Program details may be requested during an audit or investigation.

Changes to Notice of Privacy Practices.

The Omnibus Rule modifies and expands the content of the notice of privacy practices (NPP) that a provider is required to maintain and distribute to its patients.   A covered entity must:

• Make their NPP available to patients who request a copy on or after the effective date of any revisions.

• Must post the revised notice on its website, if applicable.

• Must post the notice in a prominent location on its premises.

• New patients who receive services for the first time after modification of an NPP should be provided with a copy of the revised NPP.

Also remember that covered entities should always retain copies of previous versions of their NPPs and of any written acknowledgements by patients of receipt of NPPs.

Changes to Business Associate Agreements.

There have been changes to the Business Associate Agreement (BAA) document requirements.  Omnibus has changed the definition of a “Business Associate” and now includes subcontractors of business associates that deal with PHI.  Covered entities are not required to enter into BAAs with downstream subcontractors. Rather, the business associate who contracts with the subcontractor must enter into a BAA with the subcontractor and you should require proof of compliance.

Are you unsure of your status on HIPAA Compliance?  Contact ACT for a FREE consultation and review of your readiness at (847) 639-7000 or by e-mail at support@act4networks.com

Read More

Computer Support Rates - When Cheap Really Isn't

What's in a labor rate?  Why are some IT companies more expensive than others?  Our company is neither the most expensive in our market nor the cheapest.  Some companies lead with a low price but then tend to take longer to finish tasks than others.  Comparing by hourly rates alone can be very misleading.

Recently we ran into an instance where we were asked to replace another IT support company charging much less than what we charge on an hourly basis.  The client had about 75 PCs and 4 servers along with the standard mix of peripherals that needed support.  Based upon our experience with similar organizations of that size in that industry I provided an estimate for the number of hours we'd need to support them annually.  My estimate was met with stunned silence in the meeting until finally the client admitted that the old support company was billing them for 5 times that number of hours.  Our hourly rate was going to be higher what the old guys charged but we were still going to save the client thousands of dollars per year.

Rates don't mean as much as many people think.  It's the bottom line that matters.  What's cheaper?  A $75/hour tech that takes 3 hours to perform a job or a $100/hour tech that does it in 1 hour?  Some IT companies have a reputation for taking too long and billing for every minute no matter how long it takes.  For over 25 years, we've had a "Fair and Reasonable Promise" for our clients.  We tell you how long a job will take before we start and we stick to our estimate.  You shouldn't have to pay a premium because a tech is having a bad day and takes longer than expected.

How can you avoid the rate disparity debate?  Define what you want done thoroughly and ask for a fixed price (also called a Flat Fee job).  That should even out the playing field for vendors with different rates.  After all, isn't that what you really care about?  The Bottom Line, right?

Read More

Encrypting PHI On Your Server And In-Transit

Perhaps one of the most significant changes to the HIPAA Security Rules is the requirement for HIPAA Covered Entities and their Business Associates to provide notification in the event of any breach/exposure of unsecured/unprotected personal health information (PHI).  Who has to be notified?  Well, of course, you'll need to notify the affected individual(s) and the HHS, but you may also have to notify the police/authorities . . . and depending upon the size of the breach even the media and no one wants that kind of publicity!

HIPAA guidelines recommend all PHI should be encrypted "while in motion and at rest". 

What's PHI "In Motion"?
Simply put, if you send an e-mail (in motion) with PHI, it must be encrypted so that only the recipient can read it.  The same holds true for texting and IMing.  When you get any electronic communication, it should be stored in encrypted format or on an encrypted device.  Transferring PHI information from one location to another electronically?  Yes, indeed!  Moving data around on a Flash Drive?  Yup, encrypt it!  Notebooks with PHI should have the hard drives encrypted or at least the PHI files should be.  Un-protected notebooks with PHI exposed seem to be a leading point of exposure.  (Remember, statistically 1 in 10 notebooks are stolen each year.)

I was working with a C-Level executive at an extended care facility who, when I brought up texting as PHI in motion and the risks in a meeting said "Oh, we don't do that!" and his Director of Nursing corrected him saying "Oh, the nursing staff passes messages to each other all of the time that way!"  Don't just assume your staff doesn't pass PHI via text, e-mail or IMing.  Check first.  You may be surprised.

Let's talk about PHI data on your server.  (Data at Rest)
What about my server, you ask?  Servers can't be encrypted, can they?  The answer is a straightforward Yes, although your tech guys may be resistant because they've never done it before.  Most major data base programs like Microsoft SQL, MySQL and so forth have the built in capability to encrypt your data stored.  Current versions of Microsoft Server software also have the ability to encrypt the server hard drives or certain partitions of it that can store your PHI at a very high level that meets or exceeds HIPAA standards.

If I'm not absolutely required to encrypt my data bases on my servers, why should I bother?  The answer is spelled out very clearly in the HIPAA compliance requirements.  If you have a breach and it's "unprotected" by encryption, you're subject to all of the reporting requirements of the ACT(s) AND are subject to potentially significant fines.  If your breached data is "protected" by encryption, your not.   Seems like a pretty easy decision, doesn't it?

Would you like more information on this topic?  Here's a link to a nice article by the AMA:
http://www.ama-assn.org/resources/doc/psa/hipaa-phi-encryption.pdf

Read More

WARNING - File Servers Don't Last Forever!

Recently our area had some severe weather.  After 25 years in business, we've been conditioned to expect a flood of calls from businesses whose servers have failed the next morning as a result.  Sometimes the failure was caused by water damage, sometimes a power surge caused it to fail but many times it's just a matter of an old server that  has been kept in service too long and the environmental issues caused by the storm just tipped an already wobbly server into a full-fledged failure. 

I don't know why but some business owners who conscientiously change out vehicles and other equipment on a regular replacement schedule for some reason expect their network servers to last 10 years or more. 

Ladies and Gentleman, it's time for a reality check.  Servers aren't expected to last that long!  When you push a server beyond its useful life you risk the lifeblood of your business (your data).  Don't tempt fate.  Resist the urge to get "one more year" out of your server.  If you do, eventually it will fail and the recovery consequences could be much more expensive than keeping your server infrastructure up-to-date in the first place.

A recent example was a client that called us because their in-house IT tech announced that their server had died and he couldn't get any usable data from its hard drives.  To compound the problem, the tech also revealed that he just discovered that their tape backup had not worked correctly in months so there was no usable backup.  They wanted to know if we could possibly recover their data from the drives and then re-build their server.  They were poised to send the drives to a very expensive national recovery service that was going to charge between $8,000 - $10,000 to TRY to recover their data.

I don't have enough space to itemize all of the failures that led to this catastrophe so I won't belabor that point. That tech feels bad enough, I'm sure.

The bottom line was they had trusted all of their critical business data to a 10 year old server and the on-board disk drive controller hadn't just failed.  It had started scrambling all of the data well before it finally gave up in a puff of smoke.

Fortunately, we asked for and received 24 hours to see if our recovery center could resurrect their data from the scrambled hard drives and we got about 90% of their data back for a tiny fraction of what that national company was going to charge.  But, 10% was still totally trashed and beyond repair.  That data will have to be recreated clerically from scratch at who knows what cost.

Servers have an expected useful life.  After that time, the risk of something going wrong grows exponentially every year your server is kept in service.  How long is the useful life of a server?  The replacement rule of thumb to use is the manufacturers warranty period plus 1 or 2 years.  If the manufacturer warranty is 3 years, you're pushing your luck if you take your server beyond the age of 5.  If your manufacturer only offers a 1 year warranty, that should send up a red flag on how long they expect that server to last. 

If you try to stretch server life beyond its useful life, you increase the risk of failure dramatically but perhaps just as importantly you risk not being able to find replacement parts for your server.  Don't expect to find a ready supply of parts for your old server.  Technology changes too quickly to count on finding a replacement for your 7 year old hard drive.  At best you might find a used part of questionable quality from a computer scrapper on e-bay. 

I have a better chance of finding replacement parts for my 48 year old Ford Mustang than you have of finding parts for your 7 year old server.

The risk grows even greater if you bought a home-made server which are frequently called "white box" servers.  Unlike branded servers from  companies like Hewlett Packard or Dell, white box servers are almost always a mix of parts from different manufacturers who each have different warranty and replacement part policies. Getting parts will be a pain in the  neck! 

Here's an example of a recent white box server failure.  ACT was recently asked to resurrect 2 failed white box servers that were about 7 years old.  The power supplies in both had failed.  The motherboards required a special power plug connector that only one power supply company made.  After a few years,  that supplier discontinued that power supply and none of their current models had a matching plug. All attempts to find matching power supplies failed and the client was faced with the real possibility of never getting those servers running again for lack of that one part.  Transplanting the hard drives to another server was not viable for technical reasons. Some fancy solder work by our tech staff to 
jury-rig another power supply to match the motherboard plug got the servers up long enough to retrieve their data.  (We don't recommend this as a long term fix.) 

Name brand server makers like Dell and HP do a marginally better job of keeping replacement components for their equipment but because technology turns over so fast in our industry even they have problems with parts availability after a few years.

Take my advice, check the purchase date of your server.  Check its warranty expiration.  If your server is over 2 years older than the warranty, start shopping for a new server now before it's too late.

Here's a tip for all of you server buyers.  Remember the old adage "Buy what appreciates and lease what depreciates."  Nothing depreciates faster than computers.  Lease financing rates are extraordinarily low now and leasing your servers takes the hassle of coming up with a big chunk of cash for a new server every 4 or 5 years.  It also puts you into a nice easy monthly payment plan that will keep your servers up-to-date with regular replacements on a regular schedule.  For example, a well-provisioned HP Proliant server with Windows Server 2012 including installation can be leased for about $100 per month with no end-of-lease buyout fee.

Need help recovering data from a dead server or PC, contact ACT Network Solutions at (847) 639-7000 or by e-mail at support@act4networks.com.  ACT can also replace your old server with a new HP Proliant tower or rack server using HP direct pricing.

Read More

What The Heck Is Rootkit Malware?

What the Heck is Rootkit Malware?

Essentially a Rootkit Malware is a rogue program that insinuates itself deep into your computer either in the operating system or an even deeper level such as the KERNEL or Master Boot Record (MBR) structure of your computer in order to hide itself from traditional virus removal techniques.  Rootkits are different than traditional malware because regular malware tries to pass as "just another program" on your computer while the Rootkits try to pass themselves off as part of the operating system or a component of your hardware and that's tougher to detect.

Rootkits employ a variety of techniques to gain control of a system.  Here are a few of the major areas they target:

·        The O/S Kernel– the core of your operating system

·        Hardware/Firmware – the embedded codes that drive the hardware components in your PC

·        The Master Boot Record (MBR) – the area which defines how your hard drives are structured and loaded

Once installed, a rootkit works to obscure its presence within your computer through subversion or evasion of the standard security tools used for detection. Rootkits do this by modifying the behavior of core parts of your system.   The fundamental problem with rootkit detection is that once the operating system has been compromised, it can’t be trusted to find unauthorized modifications to itself or its components.

Antivirus products rarely catch all rootkits even though security vendors incorporate rootkit detection into their products.  Some attackers even use counterattack mechanisms that can turn off or disable antivirus programs.  Signature-based detection methods can be effective against well-published rootkits, but will fail against more well written rootkits or those recently introduced that haven’t “made the list” yet.

How to remove a Rootkit

Manual removal of a rootkit is often too difficult for a typical computer user.  There are experts who believe that the only reliable way to remove them is to re-install the operating system from scratch.  Don’t give up hope, though.  Booting from trusted media can sometimes allow an infected system volume to be mounted without the malware starting up and potentially then can safely be cleaned and critical data can be copied off.

Defending your computer

System hardening represents one of the first layers of defense to keep a Rootkit from entering your system in the first place.   Applying security patches, reducing the attack surface and installing antivirus software are some standard security best practices. Once these steps are in place, routine monitoring is still required.

A final word of caution

If you’re not familiar with detecting and removing malware, it’s a good idea to turn your computer over to a professional who is.  Not all computer technicians are proficient in this area and you don’t want anyone “experimenting” on your system.  Some tech’s take the attitude of “screw it, let’s just reformat this sucker!” and you’ll lose potentially recoverable data.  Others may dramatically over-charge and only sometimes are effective at getting the job done.  For example, the standard flat fee from The Geek Squad at Best Buy is usually between $250-$300 while our carry-in fee is usually about half of that and we guarantee our work.

Unfortunately, there is no single Silver Bullet that will clean your system in one pass.  ACT technicians use a cocktail of many different tools in a blend that removes malware and saves your data about 95% of the time.  That blend of tools changes frequently as threats morph and different packages prove more or less effective on new threats.  Fighting malware is a constantly changing environment.  Gone are the days when we fought 6,000 to 7,000 new threats each year.  Kaspersky Labs reported that by the end of 2012 the proliferation of new malware reached an average of 200,000 new threats each day!

If you need help disinfecting your computer or server, contact ACT for help from an experienced security professional by calling (847) 639-7000 or emailing support@act4networks.com

Read More

Is your Anti-Virus software a Leader or a Laggard?

Each year, The Gartner Group, Inc. an IT industry research leader, evaluates IT technology by segment and ranks the top performers in each market.  I thought you'd like to see how the major anti-virus/security vendors ranked in their latest 2013 evaluation. 

Below is what is referred to as the "Magic Quadrant" and the goal of each vendor is to be ranked in the upper right box of the chart (designated as the Leaders for that segment).  Is your A/V provider there? 


No one wants to be in either of the two bottom boxes and being ranked in the lower left box is a real slap in the face to any company listed there. 

What gets you into the Leaders box?  Providers have to show leading edge capabilities to deal with the constantly changing world of virus and malware detection and remediation.  They also have to be able to prove their ability to deliver on what they promise.  This is one of the most critical segments in the entire IT industry.

There are 5 companies listed in the Leaders Category.  Which one is best?  That's a little tricky because some of the companies address different segments of the IT market.  For example, Sophos is listed here but it specializes in large enterprise environments and may not be the best fit in smaller environments when compared with another Leader that plays in the smaller SMB market.

There are also subtle differences in the feature sets offered by each vendor listed.  For example, one vendor may really excel in list-based anti-virus detection but may not perform as well in Holistic malware detection which is the ability to detect previously un-recognized malware.  Since the flood of Zero Day malware (previously undetected malware) is one of the major concerns in the industry, we at ACT regard Holistic detection particularly high in our priorities of features importance in the SMB marketplace where we specialize. 

Suffice it to say that your goal should be to shoot for the Leaders in any IT category and then enlist the help of a professional experienced in dealing with sophisticated malware/virus threat remediation to pick the "best of the best" for your needs. 

If your vendor doesn't appear in the Gartner Magic Quandrant, take the hint.  If Gartner didn't list them, there was a reason. 

For more information on how products are evaluated by The Gratner Group check the following: http://www.gartner.com/technology/research/methodologies/research_mq.jsp

For assistance on selecting the most appropriate security and A/V solutions for your organization call us at ACT Network Solutions at (847) 639-7000 or e-mail us at security@act4networks.com.

Read More

Wireless Networking Is Due For A Big Jump In Performance

Just when we were getting comfortable with the 802.11n wireless standard, here comes a newer and better wireless solution - 802.11ac.  It will probably become the new standard in late 2013.



802.11ac is a brand new, soon-to-be-ratified wireless networking standard under the IEEE 802.11 protocol. It is the latest in a long line of protocols dating back to 1999.  Here's a brief recap of the previous wireless standards.

• 802.11b performed at up to 11 Mb/s per radio (1999)
• 802.11a jumped to 54 Mb/s per radio but wouldn't talk to the "b" standard and is generally not used anymore (1999)
• 802.11g provided up to 54 Mb/s per radio with the same range of 802.11b.  It's still used a lot!
• 802.11n kicked up throughput speeds to 600 Mb/s per radio and is the current standard.  It will talk to older standards devices but at their slower speeds.
• 802.11ac improves transport speed significantly to up to 1000 Mb/s

(Slide courtesy of Meru Networks)

What does this mean to your business?
The improvements of the new devices using this standard include better software, better radios and better antenna technology.  The improvement that has everyone excited is the huge increase in data throughput. Theoretically, it puts Wi-Fi on par with gigabit wired connections.

Another improvement is a feature call Multi-User MIMO. Before, radios could only talk to one client at a time. Now, two or more conversations can happen concurrently, reducing latency(lag).

If you're installing wireless in your business or upgrading you should be aware of the capabilities of this impending standard and plan your purchases accordingly.

Will you be compatible?
Relax, the new wireless standard will support older technology devices for the most part.  You just won't be able to perform at the better speeds if you're got a notebook that has an older adapter in it.  Keep in mind that mixing new and old equipment will give you mixed results as the systems will dumb themselves down to the lower standard when talking to each other.

However, if you're thinking of building a new wireless network or planning a major upgrade, this upcoming technology is something that should be on your radar.

A Word of Caution
While new wireless access points have begun to appear on the market, there aren't a lot of manufacturers putting the newer standard network adapters into their notebooks and other portable devices yet.  Plan your implementations of this new standard carefully.

Need help designing your new wireless network, call 847-639-7000 or e-mail security@act4networks.com to talk to an ACT Network Solutions advisor today.

If you'd like another article to read on the subject go to:
http://www.techradar.com/us/news/networking/wi-fi/802-11ac-what-you-need-to-know-1059194

Read More