Technology Lessons from Hurricane Harvey

The following was published in today’s Foster’s and Seacoast Sunday.

The devastation to Texas and Louisiana from Hurricane Harvey is truly heartbreaking. The news reports continue to tell a story that is unfolding moment by moment. I have colleagues, family and friends in harm’s way and I am so grateful to know that they are all safe.

My cousin, Jonathan Siger, is a rabbi in the Houston area and a chaplain to the local sheriff’s department. Watching his videos from the rescue boats and hearing about the scenes he has been on brings a very different perspective to what we see and hear on the news. I hope by the time this article is published on Sunday Texas and Louisiana will have emerged from the storm and that things will be improving. They will need a lot of patience and support as they work to rebuild their communities.

The outpouring of support and inflow of donations is showing the best of what this nation can muster. I’ve seen so many initiatives, even within my own IT industry. CompTIA, the global IT trade association, has launched an initiative encouraging all of its corporate and individual members to make a donation to hurricane relief and CompTIA will match $2 for every $1 donated up to $200,000. You can participate by going to http://bit.ly/CompTIACares and entering CompTIA as the company to match.

Leading up to the arrival of Hurricane Harvey, technology companies across Texas were issuing recommendations to safeguard the digital assets of an organization. Cloud computing has played a major part in ensuring business continuity throughout the storm. This was mainly accomplished through having company data safely backed up to the Cloud. However, as more and more companies move applications and, in some cases, entire infrastructures to the Cloud, these businesses are able to maintain complete operational effectiveness through something as catastrophic as a hurricane.

This does not mean there were not challenges. Certainly, the widespread loss of power and the heavy flooding impacted people’s ability to work. The cellular networks were stretched to their breaking point, but held in most cases. I have been in touch with colleagues in the greater Houston area and they have all made it through thus far. Most have suffered water in their homes and needed to evacuate. Fortunately, of the people I have been able to contact or get updates on, their businesses have not experienced any catastrophic losses of data.

The key to being able to bring your business through an event like this is planning. The last thing you want to do is figure out a plan while the storm is bearing down on you. As I already mentioned, backing up your data to the Cloud is a must. When you can leverage the Cloud to actually run your business applications and even your critical infrastructure, you are that much better prepared. Be sure your most critical infrastructure components are attached to Uninterruptible Power Supplies (UPS), which will provide backup power should the power go out and, most importantly, properly shut those infrastructure items down should the battery run low. All other computing devices should be connected to surge suppressors. Many people do not realize the restoration of power can be as much of a threat as the loss of power. I have seen situations where buildings and individual pieces of equipment have caught fire when power was restored after a sudden power loss. UPS and proper surge suppression will protect against this in almost all cases.

Obviously, if you are facing the risk of flooding, you want to move as many of your electronics as possible away from locations susceptible to flooding. This isn’t always possible, but sometimes even just moving computers away from window areas can make a big difference.

Even though I am focusing on technology, don’t forget about your low-tech assets too. If you are maintaining paper files of any value, be sure you have a plan for them. While I would recommend you scan all important documents and store them electronically, I know nearly all businesses still keep some of their critical data in paper form. Be sure you have a plan to secure those files before a storm hits. Consider watertight storage containers, even if just to see them through the storm.

While you may have your data and your critical applications covered, don’t forget that you need to think about how your team will function if they are not able to get to the office and also, if they have to leave their homes. In some cases, it just won’t be possible to work for several days. I experienced that this week, with one of my clients who has an office in Houston. They were able to get back into their office and all of the preparation steps we recommended, including shutting everything down, paid off. We were able to help them remotely bring everything back online and they are fully functional.

Throughout the storm, they maintained communication with their entire team, so staff knew when it was safe to return to the office and get back to work. Hopefully, you have a plan like this for your business. If you don’t, put one together now.

What About VoIP – a Podcast

I was recently interviewed by Jonathan Blackwood, managing editor of TechDecisions, for his most recent podcast on Voice over IP, VoIP.  Jonathan is the Managing Editor at TechDecisions and I truly appreciated the opportunity to speak with him.  He’s as passionate about the IT industry as I am and his podcasts are very well regarded throughout the industry.

TechDecisions is a division of EH Media, the company behind Commercial Integrator, Security Sales & Integration and ChannelPro magazines.  TechDecisions is also the new site that brings them all together, to make it easier for technology professionals and decision makers to get the information they need to ensure project success across these evolving technology segments.

In this podcast interview, Jonathan and I discuss VoIP and what opportunities it presents for companies of all sizes and the technology partners they work with. We talked about understanding what VoIP really means and the different ways organizations may implement it. We also talk about some of the newer offerings maturing in the market and how to write an RFP for VoIP services.

You may listen to the podcast here.

Are You Taking Advantage of Office 365

The following was published in the August 20, 2017 editions of Seacoast Sunday and Foster’s.

Most small and mid-size businesses have moved or are moving to Office 365 for various reasons. Mostly, this is to deliver more reliable email. Microsoft continues to bundle more software and features into the subscriptions, yet most people think it’s just email.

Microsoft offers a range of subscriptions from as low as $5 per month per user to $35 per month per user.

The most basic business subscription, Office 365 Business Essentials, offers a complete online experience for email and collaboration. If you already own Microsoft Office software for your computer, you can connect your desktop software to some of the services included in this subscription. What you get for $5 a month is impressive. A 50-gigabyte email box and web versions of Microsoft Outlook, Word, Excel and PowerPoint, allow you to work with and create files using the popular Office applications in your web browser. You also receive 1 terabyte of storage in OneDrive, Microsoft’s online file storage and sharing service. You also get SharePoint Online, a web-based collaboration platform you can use to create a private Intranet site for your business.

You also have a subscription to Skype for Business, which may be used for internal and external instant messaging and hosting online meetings. You even have access to team-based services like Microsoft Planner and Yammer, which allow you to manage team tasks and cross departmental collaboration. All this comes with 24/7 phone and online support.

This subscription level is valid for companies with up to 300 users.

The Office 365 Enterprise E5 subscription includes everything in the basic level, plus the following. The most noticeable addition is the inclusion of the Microsoft Office software for up to five devices per person. This includes PCs, Macs, smartphones and tablets. You get the latest versions of Outlook, Word, Excel, PowerPoint, OneNote and Access. The available OneDrive storage is unlimited at this level. Skype adds Skype Meeting Broadcast, which allows you to host online meetings for up to 10,000 participants. Email gains advanced eDiscovery with search, legal hold, export and analytics.

Also added are retention and deletion policies for email and advanced threat detection. Advanced Security Management provides insight into potential threats to your data, including data leakage. Another major benefit of this subscription is Skype calling via a Cloud PBX, which allows you to use Skype to replace your existing phone system. You have the option to use Microsoft for your local, long distance and international calling or use your existing services with Skype.

Finally, there is Microsoft Power BI, a robust analytics tool that allows the average user to create meaningful dashboards to track metrics that matter for them. There is no limit to the number of users. For $35 a month per user, this is absolutely the best value. Most businesses will pay significantly more to come up with this powerful a set of benefits through any other means.

There are several subscription options between these two that offer more and more features on top of the basics. If one subscription doesn’t offer quite enough and another too much, I’m sure there is a subscription between that will be right for your business. Challenge your company to take full advantage of Office 365, whichever subscription you may have. Chances are you are not.

One final item: You will notice I have a new title and company name this week. In late May, Internet & Telephone, LLC was acquired by Onepath. This past week, we completed our rebranding and are now known as Onepath and I have a new role that provides me with increased opportunities to work directly with our clients. We have the same local New England-based team with our New England base of operations in North Andover, Massachusetts, and our offices and data centers in Boston and Portsmouth. We add our corporate headquarters and other offices in the Southeast. It’s an exciting time for our clients and our dedicated team of technology professionals.

MJ Shoer is director, client engagement and vCIO at Onepath, with offices in New England and the Southeast. Onepath is the one source for all things to do with designing, deploying and supporting technology – from cable to Cloud. He maintains a blog about IT at www.mjshoer.com and may be reached at mshoer@1path.com.

Prime Day Phishing Examples

Yesterday, I posted a warning about scams associated with Amazon‘s upcoming Prime Day on July 11th.  Here are a few examples, to help you remain alert and avoid getting caught by the hackers trying to exploit this popular online shopping day.

[Images: three example phishing emails (AmazonPhish1, AmazonPhish2, AmazonPhish3)]

In each of these examples, you will notice the following:

  1. The sender address may look like it’s coming from Amazon, but if you take the time to look at the actual address within the <> symbols, you can clearly see that it’s not. Some email programs will show you this, as in these examples. In others, you may have to hover your mouse over the “from” name to see what the underlying address is.
  2. The message contains only links.  DON’T CLICK.  These links will bring you to malicious sites that will load malware on your device.
  3. The messages all have an Unsubscribe link at the bottom.  As with #2, DON’T CLICK.

Hopefully these examples and warnings will help you enjoy Prime Day safely!

In case you missed my original post about this yesterday, here is the link.

With Prime Day Comes Scam Days

Amazon Prime Day is coming and along with it, hackers are actively trying to scam users of the popular Amazon service.

What is Prime Day? From Amazon’s web site: “This July 11 is the third annual Prime Day. Prime Day is our annual deals event just for Prime members. We want Prime Day to be one of the world’s best days to shop, with awesome prices on everything you’re into. We’re bringing you hundreds of thousands of deals, new deals starting as often as every five minutes, and special offers across everything included with Prime—from music and video to reading and voice shopping.”

This year, hackers are really taking advantage of Prime Day, perhaps in part because Amazon has been more aggressively promoting Prime Day each year.  Prime Day deals are available for several days prior to the 11th.

Be on the lookout for phishing email messages, with subjects and sender names referencing Amazon Prime and Prime Day.  Even if you just placed an order, double check the sender address and hover over any links before clicking to be sure they are really from and going to amazon.com.  And don’t forget, never open an attachment.  Amazon doesn’t send them, so that would be a clear indicator of a potential phishing attack.
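The checks described here and in the Prime Day Phishing Examples post above (the address inside the <>, where each link really goes, and whether there is an attachment) can be scripted for a mail filter or a training exercise. This is an added example, not code from the original posts; the function names and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = "amazon.com"  # domain the post says real mail and links use

def on_trusted_domain(host):
    """True only for amazon.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def check_message(raw):
    """Return the warning signs found in one raw email message."""
    msg = message_from_string(raw)
    findings = []
    # 1. Compare the display name with the address inside the <>.
    name, addr = parseaddr(msg.get("From", ""))
    if "amazon" in name.lower() and not on_trusted_domain(addr.rpartition("@")[2]):
        findings.append(f"sender name says Amazon but address is <{addr}>")
    for part in msg.walk():
        # 2. An attachment is a red flag: Amazon doesn't send them.
        if part.get_content_disposition() == "attachment":
            findings.append(f"attachment: {part.get_filename()}")
        # 3. The scripted version of hovering over each link.
        elif part.get_content_maintype() == "text":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for url in re.findall(r'https?://[^\s<>"]+', body):
                host = urlparse(url).hostname
                if not on_trusted_domain(host):
                    findings.append(f"link goes to {host}")
    return findings

# Constructed sample messages (not taken from the screenshots in the post).
PHISH = """\
From: "Amazon Prime" <deals@prime-offers.example>
Subject: Your Prime Day reward
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Claim here: http://amazon.com.prime-offers.example/claim
Unsubscribe: http://unsub.example/u?id=1
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="invoice.doc"

constructed placeholder body
--b1--
"""
LEGIT = 'From: "Amazon.com" <auto-confirm@amazon.com>\nSubject: Your order\n\nTrack it: https://www.amazon.com/your-orders\n'

if __name__ == "__main__":
    print("\n".join(check_message(PHISH)) or "no warning signs")
```

The domain test matches the end of the hostname rather than searching for "amazon.com" anywhere in it, which is why the first link in the sample is still flagged.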

I have already seen numerous examples of phishing email messages that say they are from Amazon Prime or reference Amazon Prime Shipping in the subject or other similar names and subjects.  Be careful while enjoying Prime Day!

Self Service Password Resets Save Time and Aggravation

You know the drill. IT has implemented another security policy that requires you to change your password every 90 days. The password must be complex, 12 or more characters and contain upper and lower case letters, at least one number and a symbol, a character like !@#$%&*. Your password needs to be something like this, fU&s43jm#@l0, to be valid. You are also not allowed to reuse a password you have used in the past year. Will you remember it? Hopefully. Will you mistype it? Almost certainly. What will you do if you can’t remember it? Call the Help Desk and have them reset your password. It stresses you out, doesn’t it?

What if you could easily reset your password, right from your mobile phone without having to call the Help Desk? You can! An innovative company named Passportal from Alberta, Canada has what may be the easiest and best solution to the password reset problem. Their solution is available through partners like Internet & Telephone, LLC and can make the password management problem go away for you and all the computer users in your company.

Here’s how it works:

  1. You get the dreaded message that your password has expired and you need to set a new one.
  2. You create your new password; ih0p3!r3m3mber@.
  3. You return to the login screen and type it in, but it says it’s invalid. Déjà vu sets in and your blood pressure begins to rise.
  4. In the old days, you would call the Help Desk and ask them to reset your password for you. You wait for the friendly and empathetic technician to log in to your network, open your user account and reset your password. Back to work you go.
  5. Instead of #4, what if this happened:
    1. You pick up your mobile phone and text a keyword to a pre-defined number you have saved as a contact.
    2. You immediately get a reply letting you know your password is about to be reset.
    3. Within 60 seconds, you receive another text with a new password.  Something like: 8Fx%$Gsjh3*7.
    4. You return to your login prompt and enter 8Fx%$Gsjh3*7 as your password.
    5. You are asked to set a new password that you will remember this time, right?

That’s how easy it could be to reset your password if you forget it, lock out your account or let it expire and mistype your new password.

This is also how easy it is to make password changes and resets less of a hassle for your users and less time-consuming to complete. The user has complete control and the ability to instantly help themselves through this efficient self service password reset system.

If you’re not using self service password reset now, you should be.  Your users will thank you.  So will your Help Desk team.

DocuSign Hacked, Exercise Caution

Last week DocuSign, one of the market leaders in online eSignatures and contract execution and management, announced that it had discovered a data breach. The result? A targeted phishing campaign that uses social engineering, drawing on information gathered from the breached data, to trick people into executing a document that is not a real DocuSign document.

If you are not familiar with DocuSign, here is an excerpt from their About Us page on their website.  “DocuSign® is changing how business gets done by empowering more than 300,000 companies and 200 million users in 188 countries to sign, send and manage documents anytime, anywhere, on any device, with confidence.”

The phishing attack, which DocuSign acknowledges, targets those who have used DocuSign to sign and execute contracts in the past. It is doing this using data obtained from the breach. Through social engineering techniques, users are tricked into activating macro code in an attached Word document that loads malware onto the victims’ computers.

An important thing to note is that DocuSign never sends attachments and asks the recipient to open the attached file.  That should be an immediate red flag.  If you have used the system, you know that the document you are being asked to sign in the DocuSign system is presented within your web browser over a secure SSL session.  You “sign” the document online and are then presented the option to download a PDF copy of your signed document.  This should be an easy phish to spot, yet people are falling victim to it.

Here is a recommendation that has been put out in collaboration with KnowBe4, our partner in helping to educate our clients about risks like this:

“Hackers have stolen the customer email database of DocuSign, the company that allows companies to electronically sign documents. These criminals are now sending phishing emails that look exactly like the real DocuSign ones, but they try to trick you into opening an attached Word file and click to enable editing.

But if you do that, malware may be installed on your workstation. So if you get emails that look like they come from DocuSign and have an attachment, be very careful. If there is any doubt, pick up the phone and verify before you electronically sign any DocuSign email. Remember: Think Before You Click.”

Simple, but important advice to always verify the source, especially when you are not expecting something that you have received.

DocuSign maintains a good site regarding their security posture at https://trust.docusign.com.  I recommend you keep watch on this site if you are a regular DocuSign user.