Disaster Recovery Planning is Important

Posted on: July 29th, 2019 by jiml | No Comments

Everyone is busy. In today’s world people are busy even when they are retired. Business goes to those who hustle, and each business is focused on beating its competitors. Long-term success is not gained by hustle alone. It is gained by thoughtful planning and follow-through. The time it takes to do this type of planning takes time away from the immediate hustle that we are all participating in, but in the end the planning wins out.

Disaster recovery planning is such an activity. In the words of the great Benjamin Franklin, “Failure to plan is planning to fail”. Disasters can and do happen. They can take on different forms, including natural disasters (which are a minority), user error (statistically the highest percentage), personnel loss and, increasingly, security incidents.

More so today than ever, your security defenses are linked with your disaster recovery plans. A ransomware infection, as an example, is both a security incident and a disaster.  The two cannot be thought of separately anymore.

The planning that goes into having a good security response plan and a good disaster recovery plan is the type of work that seemingly takes you away from the hustle that is part of your day to day grind. It is difficult to carve out the time to evaluate your business’ preparedness, but it is absolutely vital.

When I am trying to make the case to an organization that making time for disaster recovery planning is not only necessary but going to make them more successful in the long run, I often refer to Stephen Covey’s “7 Habits of Highly Effective People”. In his book, Covey talks about the four quadrants where people spend their time, as outlined in the graphic below:

Figure 1: Stephen Covey’s Time Management Matrix

Most people spend their time in quadrants one and three.  These are activities that have urgency (both important and not important).  Of course, people will spend time on urgent and important activities, which are emergencies and disasters, but Covey argues that truly effective people spend the bulk of their time in quadrant two.  By planning, you avoid those disasters that pull you into quadrant one and effective people delegate the non-important and spend their time on the important.  Disaster Recovery planning is a perfect example of an important but not (yet) urgent activity that Covey is speaking about. If you don’t put the time into preparation and planning, and a disaster hits, you are in for a difficult, quadrant one day.

How confident are you in your disaster recovery and security response plans?   What are you working on today? Are you working in quadrant two as effective people do? Give us a call at (888) 600-4560 or email us at info@coldencompany.com to discuss your plans.


Modern Threats Require Modern Defenses

Posted on: June 25th, 2019 by billp | No Comments

Small businesses increasingly face the same cybersecurity risks as larger businesses but with fewer resources to protect themselves. In fact, according to the 2018 State of Cybersecurity in Small & Medium Size Businesses study by the Ponemon Institute:

  • 67% of small and medium-sized businesses have been affected by a cyberattack
  • 82% of attacks were not caught by traditional antivirus software
  • 61% of SMBs have been attacked by ransomware
  • 70% paid the ransom at an average of $1,466 per incident

Worse yet, between 2017 and 2018:

  • Data breaches are up by 4%
  • Cyberattacks are up by 6%
  • Ransomware incidents are up by 9%

We can expect these numbers to increase when the 2019 figures are tallied. The fact is that the problem is only getting worse; it’s not a matter of “if” but “when.”

The traditional concept of “antivirus software,” which arose with the first products released in 1987, started to enter obsolescence sometime early this decade. Industry leaders first began noticing the decline around 2012 when the volume of malware samples began to outstrip the ability of antivirus vendors to write new signatures to block the malware. Both the volume and sophistication of malware have continued to increase exponentially; it’s estimated that there are now 350,000 new variations of malware per day.

To make matters worse, malware and ransomware are a valuable criminal enterprise, incentivizing the cybercriminals to try harder. Aside from ransomware payments made, ransomware damages are predicted to reach $11.5 billion in 2019. Ransomware costs include damage and destruction (or loss) of data, downtime, lost productivity, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hostage data and systems, reputational harm, and employee training in direct response to the ransomware attacks.

New threats require new solutions. Any product that attempts to protect the endpoint (desktop, laptop, etc.) in this era of vulnerability and risk can’t just target present threats – it must also be future-proof.

Enter Endpoint Detection and Response (EDR) solutions, which target malware behavior instead of identity. The number of malware behaviors is considerably smaller than the number of ways a piece of malware might look, making this approach suitable for prevention and detection.

Consider this analogy. Security professionals (e.g. soldiers, police, guards, etc.) might stop someone and ask for identification. If an ID is provided, is that it? Is any criminal with an ID guaranteed to bypass security? The answer is no. Thankfully, well-trained security professionals receive extensive training to help them spot suspicious behavior which may indicate that someone is not who they say they are.

EDR solutions are the well-trained security professional for your network, providing the following sophisticated protections and many more:

  • Real-time protection for known and unknown threats
  • Protection from polymorphic and disguised threats
  • Watches processes as they run in case they “turn bad”
  • Allows quick rollback to a known good state when an attack does occur

Are you ready to have a well-trained security professional guarding your network 365x24x7? Contact the security professionals at Colden Company at 888-600-4560, email us, or visit us on Facebook or Twitter.

Get the Most From Your Phone System

Posted on: May 28th, 2019 by jiml | No Comments

Are you running a small to mid-size business and looking for better value out of your phone system? Colden Company can help! Colden Company is a provider of best-in-class Voice over IP (VoIP) phone systems with guaranteed uptime. Our cloud PBX system offers many advanced phone features like:

  • Voicemail to email transcription
  • Follow-me feature (find me on my cell phone)
  • Call center capabilities
  • Configurable call routing
  • Automatic failover
  • Web faxing
  • Call Reporting
  • Soft phone apps for desktop and mobile

In today’s mobile world, cell phones can be integrated into the phone system with “follow-me” functionality where your cell can ring either simultaneously or sequentially with your office phone. Soft phones or apps, which let you make calls on your computer or cell phone from your business phone system, are also key advantages.

The cloud-based PBX means no equipment to install on site and low entry costs.  The configurations are stored in our cloud system and protected with state-of-the-art security as well as a 99.999% uptime guarantee. No local equipment to fail or replace (except actual phones).  What happens when your Internet service drops?  Customers still get through!  Your auto-attendant is in the cloud and will answer.  When the cloud-based PBX notices your Internet is down, the backup numbers are automatically rung as you configured.  (Perhaps redirected to a remote office, or to your cell phone.) Each extension can have its own backup number as well.

Our cloud-based system also gives you flexible conference bridges, screen sharing software for collaboration and more. Between the functionality of today’s modern phone system and the analog systems of the past, there is no comparison.

Want to hear more? Please watch our video here or contact us at (888) 600-4560, email us, or visit us on Facebook or Twitter.

 



Using OneDrive for Business

Posted on: April 24th, 2019 by jiml | No Comments

Microsoft’s cloud file storage solution is called OneDrive. It is their competing product to Google Drive or Apple’s iCloud. There are many advantages to having file storage in the cloud, including data accessibility. Files stored in OneDrive can be modified as easily from home as in the office. OneDrive is integrated with Microsoft’s Office 365 product and there are some important distinctions that must be clarified before rolling out to an enterprise. First and foremost, OneDrive Personal and OneDrive for Business are not the same. Many people assume OneDrive is one entity, either OneDrive Personal or Business, and do not understand they may not be getting the feature set they are expecting.

OneDrive for Business has much more capacity than OneDrive Personal. It comes with a terabyte of storage per user as opposed to five gigabytes for personal. OneDrive for Business offers end-to-end encryption with files securely stored in the cloud; OneDrive Personal does not. OneDrive for Business has some additional features like version history, data loss prevention (depending on the plan) and advanced search options that are not available in the personal edition. Click here for more on OneDrive from Microsoft.

How do you know which version you have? There are a few key indicators. First, your OneDrive for Business icon in the system tray will be a blue cloud, whereas the personal OneDrive will be a white cloud. If you are still unsure, right click on the icon and choose the “Settings” tab and you will be shown the amount of available storage. If you see “1 TB”, you have OneDrive for Business; if you see “5 GB”, you are using the personal edition.

Before rolling out OneDrive to your enterprise, there are a few key considerations that must be determined. Data accessibility and data security are often at odds. Take a good look at your data and think long and hard before putting any kind of protected data in the cloud. Data that businesses have a legal obligation to protect may not be a good fit for OneDrive. If you do decide to put protected information in the cloud, make sure you spend the time to properly secure it. There are ways to secure that data in OneDrive, but it requires some planning and configuration. OneDrive also has syncing capabilities so files and folders can be in the cloud but also synced down to local clients. This is another area where careful consideration must be given prior to rollout. If you allow syncing to local clients and have large amounts of data in the cloud, it can easily cause local hard drives to fill up prematurely.

Finally, we recommend looking at the entire Office 365 suite of products and deciding which are the best for your business to utilize. Perhaps Teams is a better place to store data than OneDrive for certain test cases. Perhaps you already have SharePoint-savvy users and may want to choose SharePoint Online over OneDrive. A holistic look at your business and the tools available is recommended so the best decisions can be made.

These are just a few of the considerations that businesses must plan for prior to a rollout. Careful planning ahead of time will likely determine whether your business deployment of OneDrive is a success or a failure. In the words of great American Ben Franklin, “Failing to plan is planning to fail”.

Interested in hearing more?  Please click here for a recording of our webinar on OneDrive for Business or call us at (888) 600-4560.

Email us, or visit us on Facebook or Twitter.

 



Tools for Browsing Safely

Posted on: March 29th, 2019 by jiml | No Comments

One of the more common ways that computer users pick up malware and viruses is through web browsing. Oftentimes, users are not trying to be malicious; they are trying to accomplish something constructive. Perhaps they are searching for the latest update for Adobe Reader and click on the first link they see without checking to make sure the site is really Adobe. If it is not a legitimate site, users can easily download viruses or malware unwittingly. This malware can cost the business lost productivity and real dollars to combat and clean up. This scenario is repeated across businesses everywhere every day.

The good news is there are tools to help prevent this type of problem from occurring at your business. We will focus on two in this post. The first is our web protection tool. Web protection is a program that runs behind the scenes on your computers and compares Internet sites against a list of known bad sites or sites your company has chosen to block. In the example above, the user would receive a message that the site they clicked on has been blocked for their protection. Web protection offers a lot of flexibility for a business. Management can create different policies for different users. For example, if a company wanted to block social media sites but allow them for their marketing team so company sites can be kept up to date, that is possible. Not every user should have the same policies and web protection offers that flexibility.

There is another tool available as well for safer browsing called Application Guard. If you have Windows 10 and the appropriate hardware behind it, Application Guard can be activated within Microsoft’s Edge browser.  Application Guard will essentially open web pages in the Edge browser in a contained virtual environment. Anything that happens in the session stays within the session and dies with the session.  This means any malware infections would corrupt the virtual browser and not infect the computer itself.  Simply closing the Application Guard browser kills the virtual machine and any infections along with it.  In technical circles, Application Guard is referred to as a sandbox.  You can play in the sandbox and what happens there stays there. (Sounds like a catch phrase for a certain city in Nevada doesn’t it?)  Application Guard is not turned on by default and there is some thought that should be put behind it before deployment.

Interested in learning more? Please contact us at (888) 600-4560.

Email us, or visit us on Facebook or Twitter.

 



Are You Paranoid? Anatomy of a Successful Hack

Posted on: February 25th, 2019 by jiml | No Comments

Are you paranoid? If so, good! Studies have shown that users who are paranoid about data security are actually more secure! A recent study from Datto also reported that only 36% of small to medium sized businesses feel ransomware is a significant threat. Compare this to those that work in the information technology field, where that number jumps to 89% who feel ransomware is a significant threat. This is a very large gap between the general public and those in the technology field. Perhaps technology professionals deal with data security on a daily basis and are more in tune with the threats. Regardless, it is surprising that only 36% of small to medium sized businesses take ransomware seriously. It might pay to be a little more paranoid.

In addition to ransomware, there are other significant threats out there. As we mentioned in a previous blog post, the majority of successful hacks start out as phishing emails. Phishing emails are much more sophisticated than in years past and hackers have identified where they are going to make their money. The tactic is to attack people working in finance and management. Executives and finance workers are the primary targets of Business Email Compromise attacks.

Anatomy of an Attack

The hacker will send phishing emails to attempt to trick the user into entering their email credentials. They accomplish this by simulating emails from various popular email platforms like Microsoft Office 365 or Google’s G Suite service. There is a good chance at least some of the people they are phishing will use one of these popular services. Once the user enters their credentials, the damage is done. The hackers will immediately download the user’s email and later scour it to see who they might be able to attack next to extract money, like a payroll company, or a customer or vendor. They will use web mail services to gain access to the phished user’s account and be able to send out emails as that user. (Legitimately coming from their account!) They will set up email rules to deliver responses from targets to themselves and ensure that the unsuspecting hacking victim in finance never sees the correspondence. They will send emails to payroll providers saying, “Please set up a 1099 worker quickly and wire them a paycheck to this account” or email a customer saying, “Please pay this old invoice ASAP or services will be discontinued”. The receiver will see this email as legitimately coming from the hacked finance user, someone they know. The victim may even correspond with the hacker via email asking questions, thinking they are talking to their finance contact. The unsuspecting hacked finance user will never see these conversations.

These attacks are the fastest growing type of attack statistically. They are a real threat to your business. How can you protect your business? Here are a few of the top methods:

• Educate users about the threat
• Enable two-factor authentication for email
• Disallow forwarding to external domains
• Ensure quality spam filtering
• Set SPF records for your domain
• Perform phishing simulations
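
A defender-side check for the mailbox rules described above, added here as an example and not part of the original post: it flags rules that forward mail outside the organisation or hide it from the mailbox owner. The rule records, field names, folder list and keyword list are constructed assumptions; map them from whatever rule export your mail platform provides.

```python
"""Audit exported mailbox rules for the forwarding-and-hiding pattern."""

# Assumptions (tune for your environment): your own mail domains, folders
# that users rarely open, and subject keywords tied to payments.
INTERNAL_DOMAINS = {"example.com"}
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "junk email", "deleted items"}
MONEY_WORDS = {"invoice", "payment", "payroll", "wire", "bank"}
FORWARD_KEYS = ("forward_to", "redirect_to")

# Constructed sample export; the schema is hypothetical, not a vendor format.
SAMPLE_RULES = [
    {"mailbox": "finance@example.com", "name": "Newsletters",
     "conditions": {"from_contains": ["news@vendor.example"]},
     "actions": {"move_to_folder": "Newsletters"}},
    {"mailbox": "finance@example.com", "name": ".",
     "conditions": {"from_contains": ["payroll-provider.example"]},
     "actions": {"forward_to": ["collector@mail.example.net"], "delete": True}},
    {"mailbox": "ceo@example.com", "name": "archive",
     "conditions": {"subject_contains": ["Invoice", "wire"]},
     "actions": {"move_to_folder": "RSS Feeds", "mark_read": True}},
    {"mailbox": "sales@example.com", "name": "To assistant",
     "conditions": {},
     "actions": {"forward_to": ["assistant@example.com"]}},
]


def is_internal(address, internal_domains=INTERNAL_DOMAINS):
    """True if the address is in an internal domain or one of its subdomains.

    Matching on the suffix '.<domain>' keeps lookalikes such as
    'example.com.evil.example' classified as external.
    """
    domain = address.rsplit("@", 1)[-1].strip().lower()
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)


def audit_rule(rule, internal_domains=INTERNAL_DOMAINS):
    """Return the reasons a rule looks suspicious (empty list means clean)."""
    actions = rule.get("actions", {})
    conditions = rule.get("conditions", {})
    reasons = []

    # 1. Mail copied or redirected to an address outside the organisation.
    for key in FORWARD_KEYS:
        for addr in actions.get(key, []):
            if not is_internal(addr, internal_domains):
                reasons.append(f"{key} external address {addr}")

    # 2. Mail removed from the owner's view: deleted, or filed in a folder
    #    people rarely open. Expect some benign hits; each one needs review.
    folder = str(actions.get("move_to_folder", "")).lower()
    if actions.get("delete") or folder in HIDING_FOLDERS:
        reasons.append("hides matching mail from the mailbox owner")

    # 3. Payment-related subject filter. Only reported alongside forwarding
    #    or hiding, so it never flags a rule on its own.
    words = {w.lower() for w in conditions.get("subject_contains", [])}
    if reasons and MONEY_WORDS & words:
        reasons.append("targets payment-related subjects")
    return reasons


def audit(rules, internal_domains=INTERNAL_DOMAINS):
    """Return (mailbox, rule name, reasons) for every suspicious rule."""
    findings = []
    for rule in rules:
        reasons = audit_rule(rule, internal_domains)
        if reasons:
            findings.append((rule["mailbox"], rule["name"], reasons))
    return findings


if __name__ == "__main__":
    for mailbox, name, reasons in audit(SAMPLE_RULES):
        print(f"{mailbox}: rule {name!r}")
        for reason in reasons:
            print(f"  - {reason}")
```
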

Are you paranoid? Perhaps the better question is “Are you paranoid enough?”. The threats are real and businesses suffer financial harm every day as a result.

If you would like to discuss how to better protect your business, call us at 888-600-4560, email us, or visit us on Facebook or Twitter.

 



Being a Digital Leader

Posted on: January 28th, 2019 by jiml | No Comments

It is a new year!  We hope that everyone is as excited for 2019 as we are here at Colden Company.  The new year often brings new resolutions both personally and professionally.  I am going to exercise more in 2019, I promise!  On the professional side, everyone wants to take steps to improve at work and improve business.  We have all heard the expression that the definition of insanity is doing things the same way and expecting different results.  Why not try something that is proven to make businesses more successful?  Become a digital leader in your field. According to the Harvard Business Review, companies that embrace technology outperform those that lag behind by a considerable margin. There are several technology areas that leaders in their respective verticals are taking advantage of.

  • Mobility

We have talked extensively about the statistics showing that mobile devices are outselling traditional desktops as more and more of the workforce is going mobile. Get that data back and forth from the field in a more timely and accurate way.

  • Collaboration

The ability to get information to all of your team quickly and accurately is a competitive advantage. Companies that have mastered this can make decisions more quickly and, with the proper input, are more nimble than their competitors.

  • Cloud

Information in the cloud is, in many cases, more easily accessible to those who require it. Cloud solutions are often more scalable (both up and down), allowing businesses to be flexible.

  • Security

If your business is not up to date on data security, your business is at risk. The threat of attacks like Business Email Compromise is real, and these attacks can devastate your business. Successful businesses are taking steps to protect themselves.


Being a digital leader is not easy. It requires a commitment of both effort and time. Time is not something that most people have an excess of these days. Choosing the right partners can go a long way to making sure you have the right information. We recommend having a technology team that consists of key personnel inside your organization and trusted technology advisers that can offer insights into technology solutions that might fit your business needs. Your business leaders should drive the conversation. They know the industry and the business, and the technology advisers’ role is to complement the vision with the right technology.

If you would like to discuss how Colden Company can help with your technology team and make your business a digital leader, call us at 888-600-4560, email us, or visit us on Facebook or Twitter.

 



Is Your Business Getting the Full Value from Office 365?

Posted on: December 21st, 2018 by jiml | No Comments

One of the more overlooked features of Office 365 is Teams. Many businesses that have subscribed to Microsoft Office 365 have access to Teams and either do not realize it or do not utilize it. Enterprise plans and Business Premium plans that include Microsoft Office applications include Teams. Please note that retail or OEM copies of Microsoft Office do not include Teams.

What is Teams?

Teams is a collaboration tool as well as an instant messenger/chat tool. Teams will eventually replace Skype for Business in this space and can do screen sharing, video or audio calling and even recording of calls. Teams has much of the functionality of Skype for Business and more.

Teams has a “Teams” tab below the “Chat” tab where users can collaborate on projects. Businesses can establish public or private teams, assign members, and share information, files, messages and more inside the team. Users can even collaborate on Office documents, which has long been a desired feature for Office. Upload a spreadsheet and multiple users can open the sheet and modify it simultaneously. Microsoft even added the ability to jointly collaborate on Visio drawings assuming the collaborators are properly licensed for Visio.

In order to best organize conversations, Teams allows users to set up channels. For example, you may have a Team for a customer and channels for the different projects going on for that customer. It is a nice way to organize communications.

Teams also has many connectors to other products, both Microsoft products like Planner, and outside connectors to services like Twitter and LinkedIn.

Want to hear more? Please see our video on Using Microsoft Teams and start taking advantage of this tool that is included in most Office 365 subscriptions!

https://www.coldencompany.com/coldentv/microsoft-teams/

Give us a call and let our experts help you with planning a deployment of Teams. Call us at 888-600-4560, email us, or visit us on Facebook or Twitter.







Internet of Things

Posted on: November 26th, 2018 by jiml | No Comments

There is a lot of buzz about the Internet of Things: connected devices that communicate and ultimately improve quality of life. We see a lot of conversation around “smart cities” and “connected buildings” that utilize IoT technology to gather information, process it and deliver an upgraded experience to users or citizens. This area of emerging technology is an area of opportunity for businesses but also an area of risk. After all, adding more devices to the Internet also gives hackers more data points to attack to compromise networks and gain access to sensitive data. A poor implementation of IoT devices can lead to a negative experience, but those risks can be managed and ultimately should not prevent businesses from taking advantage of the opportunities that IoT can bring to your business.

Take a simple example: you are an HVAC company that installs a managed thermostat or temperature sensor in a commercial building. If that device gets hacked, that can lead to liability for your business for damages caused to the customer network, not to mention the possibility of losing that account. There can be a grey area of responsibility as new technology gets rolled out. One way to mitigate risk is to clearly define, in writing, what responsibilities your business takes for IoT devices installed on customer networks and, just as importantly, what your business is not liable for. Managed properly, the device can give your technician valuable information on temperature to deliver better results for your customer.

When selecting an IoT product for deployment, most businesses look at functionality of the device and no further. In today’s world, an inspection of security must be a part of the process. Performing this inspection upfront can also help reduce risk. This is where partnering with a company like Colden Company can pay dividends. Allow partners with expertise in the security space to advise you on that aspect of your IoT project.

From a technology standpoint, simple precautions like implementing VLANs that separate the device management network from the customer network can reduce risk. Also, implementing a plan to patch and upgrade device firmware regularly can reduce risk. Proper upfront configuration of IoT devices, as well as a management plan are both part of a successful deployment of IoT devices.

With the proper precautions, IoT can be a differentiator for your business. Do you have an IoT project your business is planning to roll out? Give us a call and let our experts help you with planning a deployment. Not sure how IoT can help your business? Call us at 888-600-4560, email us, or visit us on Facebook or Twitter.







Disaster Preparedness

Posted on: October 19th, 2018 by jiml | No Comments

The emphasis on data security is rightly overshadowing all other technology topics today. The threats are real and dangerous to your business. Since we are all the kind of people who can chew gum and walk at the same time, we have the mental bandwidth to consider disaster preparedness as well.

The hurricane season is hopefully winding down, but not before Hurricanes Michael and Florence did real devastation to areas on our eastern seaboard. Our thoughts and prayers are always with the families of victims whose lives were lost in those storms. As a business entity, business continuity is a topic that requires thoughtful planning. Many businesses relegate this task to their IT people, but it is NOT an IT function. Certainly, IT has a place at the table but businesses that have successful business continuity plans have executive sponsorship from someone at the C-level in the organization. Business processes need protection as well as data.

One question we urge our customers to consider is “How long can I reasonably be without a particular business function during a disaster?”. This defines the recovery time objective for that function. Different business functions may have different recovery time objectives and that is fine. One mistake we commonly see is businesses that overestimate their ability to handle downtime. Time and time again, we hear a business can survive a couple of weeks without their systems, but when the Internet goes out for 20 minutes, their office is in chaos. Setting unrealistic expectations for how downtime will impact your business is only fooling yourself. Get the opinion of several key people throughout the business and come to a common consensus.

Once the recovery time objectives are defined, it is time to evaluate your existing business continuity plans. Do they meet the stated recovery time objective? Here is another area where we see businesses fail in planning. Do not expect everything to go smoothly during a disaster. It surely will not. We see businesses underestimate the time it will take to recover from a disaster. Again, here is an area where a faulty number will only cause your business grief in a real-world disaster. Be realistic.

If a gap is discovered between the recovery time objective and the current business continuity plans, it is time to research options. Many businesses incorrectly assume that since their data is backed up to the cloud, they will be able to access it when they need it. In many cases, you need to have the underlying infrastructure in place to restore that cloud data to in order to recover. Not so with the backup and disaster recovery (BDR) appliance. From a technology perspective, Colden Company is a proud partner of Datto, a leading provider of backup and disaster recovery appliances. This technology can greatly reduce downtime by allowing businesses to virtualize their infrastructure either locally or, in the event of a site disaster, in the cloud. These are backups you can use (hence the disaster recovery component). Imagine being able to spin up an exact copy of your production servers in the cloud in minutes after a disaster. That is the power of the Datto solution. We recommend this solution frequently for those that have a gap between their stated recovery time objective and their current plans.

Want to hear more? Call us at 888-600-4560, email us, or visit us on Facebook or Twitter.