New York State SHIELD Act is Here

Posted on: November 26th, 2019 by jiml | No Comments

In August, New York State signed into law the SHIELD Act or the “Stop Hacks and Improve Electronic Data Security” Act. This is an enhancement to New York State’s previous law and has several key points that anyone doing business in New York should take note of. This law goes into effect on March 21, 2020 with a notable exception noted below.

Expanded jurisdiction: The SHIELD Act now pertains to any business, inside New York or outside of New York, that stores private information on New York residents. This is an expansion of the jurisdiction from the previous statute.

Expanded definition of private data: New York has expanded the definition of private data to include biometric data and any combination of username, email address and access codes that could lead to the compromise of electronic accounts.  Interestingly, New York did not take the additional step of covering DNA as some other states have.

Increased reporting requirements: In the past, HIPAA-covered organizations could get by with reporting a suspected breach to the Department of Human Services. The SHIELD Act requires that the New York State Attorney General also be notified of a data breach. In addition, the definition of a breach has been expanded to viewed data, not just downloaded data as was previously the case. This part of the act goes into effect October 23, 2019 before the remainder of the Act. Fines for non-compliance have increased as well.

As a business, you have a responsibility to know and comply with this law. Not knowing the law is never an excuse for violation.  The act requires businesses to comply in three different areas:  Administrative, Technical and Physical. While the individual safeguards are too numerous to put in this post, Colden Company can assist your business within each area of the Act and set your company on a path to compliance. Please feel free to reach out to us at (888) 600-4560 by phone, or info@coldencompany.com via email.


The Windows 10 November Release is Coming

Posted on: October 25th, 2019 by jiml | No Comments

Microsoft releases two major updates to Windows 10 each year. The second one for the calendar year 2019 (version 1909) is set for release. As with most releases, you may notice your disk space fluctuate as Microsoft is pushing down the release in advance of deployment. Also, as with other Windows 10 releases, you can defer them for a period of time.

This release contains many fixes and updates, most of which will not affect your day to day use of the computer. For example, Microsoft has made some underlying security improvements and made some power efficiency improvements for certain hardware. This update is expected to contain fewer updates than a typical semi-annual release and consequently install more quickly.

One new feature is the ability to create reminders right from the Calendar flyout on the task bar (lower right corner). You can pick your date and time and location for reminders.  See figure 1 below for a visual:

The start menu will now show you expanded items if you hover over an icon in the menu. Previously you needed to click on it to see the contents.

There are also several improvements to notifications. It is now easier to tell action pane notifications and banner notifications apart. You can disable sound for all notifications rather than app by app.

Click here for a nice article that summarizes some of the key customer facing improvements in more detail.

NOTE:  As a reminder, if you are running Windows 7, that operating system will reach end of life on January 14, 2020. That means Microsoft will no longer support or patch the operating system.  This makes Windows 7 a security concern after the end of life date and we advise users to upgrade to Windows 10.

If you have any questions or concerns, please feel free to reach out to us at (888) 600-4560 by phone, or info@coldencompany.com via email.


PowerPoint Tips and Tricks

Posted on: September 26th, 2019 by jiml | No Comments

Microsoft PowerPoint has been a staple for presenters for many years.  PowerPoint was first released in 1987, acquired by Microsoft shortly thereafter (for $14 million, imagine what it would sell for today!)  and has been going strong ever since. There has been quite a bit of functionality added over the years, yet many just use the basic feature set of the product.  Let’s take a look at some of the nice features available as well as some basic principles for PowerPoint newbies.

Our first recommendation is to start in Word, not PowerPoint.  When I am designing a new presentation, I put ideas down in a Word document so I can easily shuffle ideas around until I have a general workflow for the presentation. Then move to PowerPoint once you have a solid foundation.

A few more tips for beginners:  Limit the number of words on your slides. You should have the major talking points but leave the details for your presentation of the material. Too much text on a slide can be difficult to read as a viewer and makes the main points of your slide more difficult to grasp.  Next, limit the amount of animations and clip art.  As someone who enjoyed cheesy clip art for many years, it pains me to admit that stock photography is much more professional looking than cartoon art.  Find good photos to embed in your presentation instead. (Charts and graphs are good; try chart animations!) Better yet, try one of the PowerPoint templates which will give you a consistent look and feel to your slides right out of the gate.

Finally, practice, practice, practice.  Speak slowly and record yourself so you can hear how you sound and hear your tendencies (do I say “um” too much?).  Also be mindful of the time you are allotted and make sure you are leaving time for questions. If you are given 30 minutes to present, have 25 good minutes of material and be prepared with sample questions if no one asks any.  Anticipate questions the audience might ask and have prepared answers.

Now, let’s focus on the product itself.  Microsoft is continually adding features to its Office365 products, PowerPoint included.  Did you know that you can change the extension of your PowerPoint file to .ppsx and it will open straight into presentation mode?  Do this for your established presentations to save you a step.

Want to jump to a particular slide?  Instead of hitting the back arrow multiple times, simply type the slide number you want to move to while in presentation mode and PowerPoint will automatically move you to that slide.

PowerPoint allows you to copy images straight from your browser into PowerPoint.  No need to save the image to your desktop first, then import into PowerPoint.  For images, try Smart Art.  These are great graphics that can be used for a variety of purposes and have a professional feel. Go to the Insert tab and look for Smart Art and give it a try. Did you also know you can ungroup Smart Art? Right-click the entire SmartArt graphic, click Group, and then click Ungroup. On the same tab, there is an option to insert video.  This is a handy feature as well. Many times, video clips can be very large. You can compress video to make it more presentable by clicking on the File tab and Multi-Media.  Didn’t save your changes and closed out?  Go to the File tab and look for “Recover Unsaved Files”.

Have you ever brought your PowerPoint presentation to a different computer and had trouble presenting it?  It was likely due to the new computer not having the font set you used.  You can embed the fonts into the PowerPoint presentation by choosing Options and Save Options.  Check the box to Embed Fonts. You can confidently move your presentation from computer to computer afterward.

Finally, there are some nice integrations with PowerPoint. Microsoft Forms can let you put forms, quizzes etc. into PowerPoint and third-party tools like Poll Everywhere let you embed polling questions into your PowerPoint to get more audience engagement.

In summary, PowerPoint is an old staple, but there are plenty of new tricks to keep your presentations fresh and engaging. 


Staying Connected in a Connected World

Posted on: August 29th, 2019 by jiml | No Comments

More and more business is being conducted in the cloud. According to a study by Gartner, worldwide cloud services are projected to grow at 17.5% this year. That is aggressive growth and there are not many indicators that this trend will reverse any time soon. Cloud services have many benefits, such as the reduction in capital infrastructure investments, less time to maintain cloud systems and of course, high availability.  Most cloud solutions offer guaranteed uptime and access from different types of devices, whether it be a traditional computer, tablet or smart phone.  The critical component to accessing business information in the cloud becomes the connection.  If your Internet connection is down, so is access to your information.  Having redundancy or a backup plan for your connection is now an important consideration for those companies dependent on the cloud.

Introducing the DNA Edge router from Datto!  This appliance sits at the edge of your network and between your business and the Internet. The device has advanced firewall capabilities built in, content filtering options and other traditional firewall necessities.  In addition, the DNA has 4G LTE failover capability.  If your primary internet connection fails, the device detects this and automatically fails over to a cellular based connection to keep your business operational. The device offers a choice of AT&T or Verizon for cellular plans.  The device comes with bundled services, meaning there are no overage charges for data regardless of how much you use.  There is no carrier contract required either.  It is all handled for you, making this an easy to maintain solution as well as providing your business with the continuous connectivity needed in today’s connected world.

Losing connectivity to your cloud applications hampers productivity!  Don’t let it happen to your business. Contact us today to hear more about your organization’s options for highly available connectivity. We can be reached by phone at (888) 600-4560 or via email at info@coldencompany.com.


Disaster Recovery Planning is Important

Posted on: July 29th, 2019 by jiml | No Comments

Everyone is busy.  In today’s world people are busy even when they are retired.  Business goes to those who hustle, and each business is focused on beating their competitors. Long-term success is not gained by hustle alone.  It is gained by thoughtful planning and follow through. The time it takes to do this type of planning takes away time from the immediate hustle that we are all participating in, but in the end wins out.

Disaster recovery planning is such an activity.  In the words of the great Benjamin Franklin “Failure to plan is planning to fail”.  Disasters can and do happen.  They can take on different forms including natural disasters (which are a minority), user error (statistically the highest percentage), personnel loss and increasingly, a security incident.

More so today than ever, your security defenses are linked with your disaster recovery plans. A ransomware infection, as an example, is both a security incident and a disaster.  The two cannot be thought of separately anymore.

The planning that goes into having a good security response plan and a good disaster recovery plan is the type of work that seemingly takes you away from the hustle that is part of your day to day grind. It is difficult to carve out the time to evaluate your business’ preparedness, but it is absolutely vital.

When I am trying to make the case to an organization that making time for disaster recovery planning is not only necessary but going to make them more successful in the long run, I often refer to Stephen Covey’s “7 Habits of Highly Effective People”. In his book, Covey talks about the four quadrants where people spend their time as outlined in the graphic below:

Figure 1: Stephen Covey’s Time Management Matrix

Most people spend their time in quadrants one and three.  These are activities that have urgency (both important and not important).  Of course, people will spend time on urgent and important activities, which are emergencies and disasters, but Covey argues that truly effective people spend the bulk of their time in quadrant two.  By planning, you avoid those disasters that pull you into quadrant one and effective people delegate the non-important and spend their time on the important.  Disaster Recovery planning is a perfect example of an important but not (yet) urgent activity that Covey is speaking about. If you don’t put the time into preparation and planning, and a disaster hits, you are in for a difficult, quadrant one day.

How confident are you in your disaster recovery and security response plans?   What are you working on today? Are you working in quadrant two as effective people do? Give us a call at (888) 600-4560 or email us at info@coldencompany.com to discuss your plans.


Modern Threats Require Modern Defenses

Posted on: June 25th, 2019 by billp | No Comments

Small businesses increasingly face the same cybersecurity risks as larger businesses but with fewer resources to protect themselves. In fact, according to the 2018 State of Cybersecurity in Small & Medium Size Businesses study by the Ponemon Institute:

  • 67% of small and medium-sized businesses have been affected by a cyberattack
  • 82% of attacks were not caught by traditional antivirus software
  • 61% of SMBs have been attacked by ransomware
  • 70% paid the ransom at an average of $1,466 per incident

Worse yet, between 2017 and 2018:

  • Data breaches are up by 4%
  • Cyberattacks are up by 6%
  • Ransomware incidents are up by 9%

We can expect these numbers to increase when the 2019 figures are tallied. The fact is that the problem is only getting worse; it’s not a matter of “if” but “when.”

The traditional concept of “antivirus software,” which arose with the first products released in 1987, started to enter obsolescence sometime early this decade. Industry leaders first began noticing the decline around 2012 when the volume of malware samples began to outstrip the ability of antivirus vendors to write new signatures to block the malware. Both the volume and sophistication of malware have continued to increase exponentially; it’s estimated that there are now 350,000 new variations of malware per day.

To make matters worse, malware and ransomware are a valuable criminal enterprise, incentivizing the cybercriminals to try harder. Aside from ransomware payments made, ransomware damages are predicted to reach $11.5 billion in 2019. Ransomware costs include damage and destruction (or loss) of data, downtime, lost productivity, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hostage data and systems, reputational harm, and employee training in direct response to the ransomware attacks.

New threats require new solutions. Any product that attempts to protect the endpoint (desktop, laptop, etc.) in this era of vulnerability and risk can’t just target present threats – it must also be future-proof.

Enter Endpoint Detection and Response (EDR) solutions, which target malware behavior instead of identity. The number of malware behaviors is considerably smaller than the number of ways malware might look, making this approach suitable for prevention and detection.

Consider this analogy. Security professionals (e.g. soldiers, police, guards, etc.) might stop someone and ask for identification. If an ID is provided, is that it? Is any criminal with an ID guaranteed to bypass security? The answer is no. Thankfully, well-trained security professionals receive extensive training to help them spot suspicious behavior which may indicate that someone is not who they say they are.

EDR solutions are the well-trained security professional for your network, providing the following sophisticated protections and many more:

  • Real-time protection for known and unknown threats
  • Protection from polymorphic and disguised threats
  • Watches processes as they run in case they “turn bad”
  • Allows quick rollback to a known good state when an attack does occur

Are you ready to have a well-trained security professional guarding your network 365x24x7? Contact the security professionals at Colden Company at 888-600-4560, email us, or visit us on Facebook or Twitter.

Get the Most From Your Phone System

Posted on: May 28th, 2019 by jiml | No Comments

Are you running a small to mid-size business and looking for better value out of your phone system? Colden Company can help!  Colden Company is a provider of best-in-class Voice over IP (VoIP) phone systems with guaranteed uptime.  Our cloud PBX system offers many advanced phone features like:

  • Voicemail to email transcription
  • Follow-me feature (find me on my cell phone)
  • Call center capabilities
  • Configurable call routing
  • Automatic failover
  • Web faxing
  • Call Reporting
  • Soft phone apps for desktop and mobile

In today’s mobile world, cell phones can be integrated into the phone system with “follow-me” functionality where your cell can ring either simultaneously or sequentially with your office phone. Soft phones, or apps that let you make calls on your computer or cell phone from your business phone system, are also key advantages.

The cloud-based PBX means no equipment to install on site and low entry costs.  The configurations are stored in our cloud system and protected with state-of-the-art security as well as a 99.999% uptime guarantee. No local equipment to fail or replace (except actual phones).  What happens when your Internet service drops?  Customers still get through!  Your auto-attendant is in the cloud and will answer.  When the cloud-based PBX notices your Internet is down, the backup numbers are automatically rung as you configured.  (Perhaps redirected to a remote office, or to your cell phone.) Each extension can have its own backup number as well.

Our cloud-based system also gives you flexible conference bridges, screen sharing software for collaboration and more.  There is no comparison between the functionality of today’s modern phone system and the analog systems of the past.

Want to hear more?  Please watch our video here or contact us at (888) 600-4560, email us, or visit us on Facebook or Twitter.

Using OneDrive for Business

Posted on: April 24th, 2019 by jiml | No Comments

Microsoft’s cloud file storage solution is called OneDrive. It is their competing product to Google Drive or Apple’s iCloud. There are many advantages to having file storage in the cloud, including data accessibility. Files stored in OneDrive can as easily be modified from home as in the office. OneDrive is integrated with Microsoft’s Office365 product and there are some important distinctions that must be clarified before rolling out to an enterprise. First and foremost, OneDrive Personal and OneDrive for Business are not the same. Many people assume OneDrive is one entity, either OneDrive Personal or Business, and do not understand they may not be getting the feature set they are expecting.

OneDrive for Business has much more capacity than the personal OneDrive. It comes with a terabyte of storage per user as opposed to five gigabytes for personal. OneDrive for Business offers end-to-end encryption with files securely stored in the cloud; OneDrive personal does not. OneDrive for Business has some additional features like version history, data loss prevention (depending on the plan) and advanced search options that are not available in the personal edition. Click here for more on OneDrive from Microsoft.

How do you know which version you have? There are a few key indicators. First, your OneDrive for Business icon in the system tray will be a blue cloud, whereas the personal OneDrive will be a white cloud. If you are still unsure, right click on the icon and choose the “Settings” tab and you will be shown the amount of available storage. If you see “1 TB”, you have OneDrive for Business; if you see “5 GB”, you are using the personal.

Before rolling out OneDrive to your enterprise, there are a few key considerations that must be determined. Data accessibility and data security are often at odds. Take a good look at your data and think long and hard before putting any kind of protected data in the cloud. Data that businesses have a legal obligation to protect may not be a good fit for OneDrive. If you do decide to put protected information in the cloud, make sure you spend the time to properly secure it. There are ways to secure that data in OneDrive, but it requires some planning and configuration. OneDrive also has syncing capabilities so files and folders can be in the cloud but also synced down to local clients. This is another area where careful consideration must be given prior to rollout. If you allow syncing to local clients and have large amounts of data in the cloud, it can easily cause local hard drives to fill up prematurely.

Finally, we recommend looking at the entire Office 365 suite of products and deciding which are the best for your business to utilize. Perhaps Teams is a better place to store data than OneDrive for certain test cases. Perhaps you already have SharePoint savvy users and may want to choose SharePoint Online over OneDrive. A holistic look at your business and the tools available is recommended so the best decisions can be made.

These are just a few of the considerations that businesses must plan for prior to a rollout. Careful planning ahead of time will likely determine whether your business deployment of OneDrive is a success or a failure. In the words of great American Ben Franklin, “Failing to plan is planning to fail”.

Interested in hearing more?  Please click here for a recording of our webinar on OneDrive for Business or call us at (888) 600-4560.

Email us, or visit us on Facebook or Twitter.

Tools for Browsing Safely

Posted on: March 29th, 2019 by jiml | No Comments

One of the more common ways that computer users pick up malware and viruses is through web browsing.  Oftentimes, users are not trying to be malicious; they are trying to accomplish something constructive.  Perhaps they are searching for the latest update for Adobe Reader and click on the first link they see without checking to make sure the site is really Adobe.  If it is not a legitimate site, users can easily download viruses or malware unwittingly.  This malware can cost the business lost productivity and real dollars to combat and clean up. This scenario is repeated across businesses everywhere every day.

The good news is there are tools to help prevent this type of problem from occurring at your business.  We will focus on two in this post.  The first is our web protection tool. Web protection is a program that runs behind the scenes on your computers and compares Internet sites against a list of known bad sites or sites your company has chosen to block.  In the example above, the user would receive a message that the site they clicked on has been blocked for their protection. Web protection offers a lot of flexibility for a business.  Management can create different policies for different users.  For example, if a company wanted to block social media sites but allow them for their marketing team so company sites can be kept up to date, that is possible.  Not every user should have the same policies and web protection offers that flexibility.

There is another tool available as well for safer browsing called Application Guard. If you have Windows 10 and the appropriate hardware behind it, Application Guard can be activated within Microsoft’s Edge browser.  Application Guard will essentially open web pages in the Edge browser in a contained virtual environment. Anything that happens in the session stays within the session and dies with the session.  This means any malware infections would corrupt the virtual browser and not infect the computer itself.  Simply closing the Application Guard browser kills the virtual machine and any infections along with it.  In technical circles, Application Guard is referred to as a sandbox.  You can play in the sandbox and what happens there stays there. (Sounds like a catch phrase for a certain city in Nevada doesn’t it?)  Application Guard is not turned on by default and there is some thought that should be put behind it before deployment.

Interested in learning more? Please contact us at (888) 600-4560.

Email us, or visit us on Facebook or Twitter.

Are You Paranoid? Anatomy of a Successful Hack

Posted on: February 25th, 2019 by jiml | No Comments

Are you paranoid? If so, good! Studies have shown that users who are paranoid about data security are actually more secure! A recent study from Datto also reported that only 36% of small to medium sized businesses feel ransomware is a significant threat. Compare this to those that work in the information technology field where that number jumps to 89% who feel ransomware is a significant threat. This is a very large gap between the general public and those in the technology field. Perhaps technology professionals deal with data security on a daily basis and are more in-tune with the threats. Regardless, it is surprising that only 36% of small to medium sized businesses take ransomware seriously. It might pay to be a little more paranoid.

In addition to ransomware, there are other significant threats out there. As we mentioned in a previous blog post, the majority of successful hacks start out as phishing emails. Phishing emails are much more sophisticated than in years past and hackers have identified where they are going to make their money. The tactic is to attack people working in finance and management. Executives and finance workers are the primary targets of Business Email Compromise attacks.

Anatomy of an Attack

The hacker will send phishing emails to attempt to trick the user into entering their email credentials. They accomplish this by simulating emails from various popular email platforms like Microsoft Office 365 or Google’s G Suite service. There is a good chance at least some of the people they are phishing will use one of these popular services. Once the user enters their credentials, the damage is done. The hackers will immediately download the user’s email and later scour it to see who they might be able to attack next to extract money, like a payroll company, or a customer or vendor. They will use web mail services to gain access to the phished user’s account and be able to send out emails as that user. (Legitimately coming from their account!) They will set up email rules to deliver responses from targets to themselves and ensure that the unsuspecting hacking victim in finance never sees the correspondence. They will send emails to payroll providers saying, “Please set up a 1099 worker quickly and wire them a paycheck to this account” or email a customer saying, “Please pay this old invoice ASAP or services will be discontinued”. The receiver will see this email as legitimately coming from the hacked finance user, someone they know. The victim may even correspond with the hacker via email asking questions, thinking they are talking to their finance contact. The unsuspecting hacked finance user will never see these conversations.

These attacks are the fastest growing type of attack statistically. They are a real threat to your business. How can you protect your business? Here are a few of the top methods:

• Educate users about the threat
• Enable two-factor authentication for email
• Disallow forwarding to external domains
• Ensure quality spam filtering
• Set SPF records for your domain
• Perform phishing simulations
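
The email rules described in the anatomy above leave a trace that can be audited. As an added example (not part of the original post), this script reviews a list of mailbox rules and flags those that send mail to an outside address, rating them highest when the rule also deletes or moves the message so the owner never sees it. The record layout, the `example.com` domain and the sample rules are assumptions constructed for illustration.

```python
"""Flag mailbox rules that fit the pattern described above: replies copied
to an outside address and kept out of the mailbox owner's sight."""
from dataclasses import dataclass

# Assumption: the organisation's own mail domains; everything else is external.
INTERNAL_DOMAINS = {"example.com"}


@dataclass
class InboxRule:
    """One mailbox rule (hypothetical layout for an exported rule list)."""
    mailbox: str
    name: str
    forward_to: tuple = ()       # addresses that are sent a copy
    redirect_to: tuple = ()      # addresses the message is redirected to
    delete_message: bool = False
    move_to_folder: str = ""     # empty means the message stays in the Inbox


def domain_of(address):
    """Lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].strip().strip(">").lower()


def external_recipients(rule):
    """Forward/redirect targets outside the organisation's domains."""
    targets = list(rule.forward_to) + list(rule.redirect_to)
    return sorted(a for a in targets if domain_of(a) not in INTERNAL_DOMAINS)


def hides_mail(rule):
    """True when the rule keeps matching mail out of the owner's Inbox."""
    return rule.delete_message or bool(rule.move_to_folder)


def assess(rule):
    """Return (severity, external_addresses) for one rule."""
    external = external_recipients(rule)
    if not external:
        return "none", external
    # Copying mail out AND hiding it from the owner is the combination
    # the attack relies on; forwarding alone still deserves a look.
    return ("high" if hides_mail(rule) else "medium"), external


def review(rules):
    """List the rules worth investigating, most serious first."""
    order = {"high": 0, "medium": 1}
    findings = []
    for rule in rules:
        severity, external = assess(rule)
        if severity != "none":
            findings.append((severity, rule.mailbox, rule.name, external))
    return sorted(findings, key=lambda f: (order[f[0]], f[1]))


# Constructed sample data, not taken from a real mailbox.
SAMPLE_RULES = [
    InboxRule("finance@example.com", ".",
              forward_to=("collector@mail.example.net",), delete_message=True),
    InboxRule("ceo@example.com", "Newsletters", move_to_folder="Newsletters"),
    InboxRule("ap@example.com", "Copy to personal",
              forward_to=("someone@example.org",)),
    InboxRule("hr@example.com", "To assistant",
              forward_to=("assistant@example.com",)),
]

if __name__ == "__main__":
    for severity, mailbox, name, external in review(SAMPLE_RULES):
        print(f"{severity:6} {mailbox:22} rule={name!r} -> {', '.join(external)}")
```

A rule that only files mail into a folder or forwards to a colleague inside the company is not reported, which keeps the review focused on mail leaving the organization.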

Are you paranoid? Perhaps the better question is “Are you paranoid enough?”. The threats are real and businesses suffer financial harm every day as a result.

If you would like to discuss how to better protect your business, call us at 888-600-4560, email us, or visit us on Facebook or Twitter.