Internet of Things

Posted on: November 26th, 2018 by jiml

There is a lot of buzz about the Internet of Things: connected devices that communicate and ultimately improve quality of life. We see a lot of conversation around “smart cities” and “connected buildings” that utilize IoT technology to gather information, process it and deliver an upgraded experience to users or citizens. This area of emerging technology is an area of opportunity for businesses but also an area of risk. After all, adding more devices to the Internet also gives hackers more points of attack for compromising networks and gaining access to sensitive data. A poor implementation of IoT devices can lead to a negative experience, but those risks can be managed and ultimately should not prevent businesses from taking advantage of the opportunities that IoT can bring.

Take a simple example: you are an HVAC company that installs a managed thermostat or temperature sensor in a commercial building. If that device gets hacked, that can lead to liability for your business for damages caused to the customer network, not to mention the possibility of losing that account. There can be a grey area of responsibility as new technology gets rolled out. One way to mitigate risk is to clearly define, in writing, what responsibilities your business takes for IoT devices installed on customer networks and, just as importantly, what responsibilities your business does not take on. Managed properly, the device can give your technician valuable information on temperature to deliver better results for your customer.

When selecting an IoT product for deployment, most businesses look at functionality of the device and no further. In today’s world, an inspection of security must be a part of the process. Performing this inspection upfront can also help reduce risk. This is where partnering with a company like Colden Company can pay dividends. Allow partners with expertise in the security space to advise you on that aspect of your IoT project.

From a technology standpoint, simple precautions like implementing VLANs that separate the device management network from the customer network can reduce risk. Implementing a plan to patch and upgrade device firmware regularly can also reduce risk. Proper upfront configuration of IoT devices and a management plan are both part of a successful deployment.

With the proper precautions, IoT can be a differentiator for your business. Do you have an IoT project your business is planning to roll out? Give us a call and let our experts help you with the planning and deployment. Not sure how IoT can help your business? Call us at 888-600-4560, email us, or visit us on Facebook or Twitter.

Disaster Preparedness

Posted on: October 19th, 2018 by jiml

The emphasis on data security is rightly overshadowing all other technology topics today. The threats are real and dangerous to your business. Since we are all the kind of people who can chew gum and walk at the same time, we have the mental bandwidth to consider disaster preparedness as well.

The hurricane season is hopefully winding down, but not before Hurricanes Michael and Florence did real devastation to areas on our eastern seaboard. Our thoughts and prayers are always with the families of victims whose lives were lost in those storms. As a business entity, business continuity is a topic that requires thoughtful planning. Many businesses relegate this task to their IT people, but it is NOT an IT function. Certainly, IT has a place at the table but businesses that have successful business continuity plans have executive sponsorship from someone at the C-level in the organization. Business processes need protection as well as data.

One question we urge our customers to consider is “How long can I reasonably be without a particular business function during a disaster?”. This defines the recovery time objective for that function. Different business functions may have different recovery time objectives and that is fine. One mistake we commonly see is businesses that overestimate their ability to handle downtime. Time and time again, we hear a business can survive a couple of weeks without their systems, but when the Internet goes out for 20 minutes, their office is in chaos. Setting unrealistic expectations for how downtime will impact your business is only fooling yourself. Get the opinion of several key people throughout the business and come to a common consensus.

Once the recovery time objectives are defined, it is time to evaluate your existing business continuity plans. Do they meet the stated recovery time objective? Here is another area where we see businesses fail in planning. Do not expect everything to go smoothly during a disaster. It surely will not. We see businesses underestimate the time it will take to recover from a disaster. Again, here is an area where a faulty number will only cause your business grief in a real-world disaster. Be realistic.

If a gap is discovered between the recovery time objective and the current business continuity plans, it is time to research options. Many businesses incorrectly assume that since their data is backed up to the cloud, they will be able to access it when they need it. In many cases, you need to have the underlying infrastructure in place to restore that cloud data to before you can recover. Not so with the backup and disaster recovery (BDR) appliance. From a technology perspective, Colden Company is a proud partner of Datto, a leading provider of backup and disaster recovery appliances. This technology can greatly reduce downtime by allowing businesses to virtualize their infrastructure either locally or, in the event of a site disaster, in the cloud. These are backups you can use (hence the disaster recovery component). Imagine being able to spin up an exact copy of your production servers in the cloud in minutes after a disaster. That is the power of the Datto solution. We recommend this solution frequently for those that have a gap between their stated recovery time objective and their current plans.

Want to hear more? Call us at 888-600-4560, email us, or visit us on Facebook or Twitter.

How Well Do You Know Colden Company?

Posted on: September 25th, 2018 by jiml

Colden Company is proud to have been in business supporting our customer base for over fifteen years. Our success and staying power are a reflection not only of our deep commitment to our customers but also a testament to the successful customers that we service. Without you, we are nothing. Thank you.

We pride ourselves on providing best-in-class technology AND service. Each Colden Company employee we hire goes through a customer service training program. After all, our product might be technology, but our business is providing you with excellent service. We do several things to differentiate ourselves on this front and want to make sure our customers are aware of these benefits. Here is a list of ten things you might or might not know about us:

1) Did you know that we have free videos on our web site that can be valuable to your business? Our videos are designed to be short, yet informative. Security topics as well as Office applications functionality can provide a reduction in risk or boost in productivity for free!

2) Our agreements are the most flexible in the industry. We offer 1-, 2- and 3-year terms and our agreements do not restrict you from adding or removing services during the agreement term.

3) We offer a variety of agreement choices including prepaid hours per month or unlimited support options for those that prefer it.

4) Leasing options are available with Colden Company when large upgrades are necessary.

5) As a Managed Security Services Provider, we have a strong set of security solutions to protect your business – from external vulnerability scanning, to PCI compliance assessments, to phishing simulations, to security reviews, to PII data breach scans, to dark web searches, to mobile device management and more.

6) A 2016 study showed that Colden Company far exceeded industry-average response times for ALL categories of service calls from emails to urgent calls to low priority issues. Our response times beat the industry average significantly in each category.

7) We use automation to help make your system run more smoothly. By proactively and automatically performing certain tasks, we can keep your network up and running more quickly without generating a service ticket or expense for you. If you are a Managed Services customer of ours, we are already doing this for you.

8) Many of our customers are already working with us on Life Cycle Planning this fall. This is a service where we help our customers plan and budget for the upcoming calendar year’s IT expenses. We are not just here to fix things that break. We help you create and implement a business-aligned IT strategy.

9) Perhaps what we are most proud of is that our customer satisfaction surveys currently stand at 98+/100. We have been sending random surveys out for close to five years and hundreds of surveys have been sent to date. Our responses have been unbelievably positive with a score of over 98 out of 100 on average.

10) Did you know Colden Company is named after Mount Colden in the Adirondack Mountains in NY? Colden Company President, Jim Lapointe, is an avid hiker and climbed Mount Colden again this summer. (For those of you in upstate New York that remember the weather on the 4th of July, it was a hot one.)

We are here to help make our customers successful in any way that we can. We understand that your success flows to us as well. Our business model is built around developing long-lasting relationships and continually improving our service and service offerings. We welcome your feedback and if you would like to hear more or take advantage of any of the benefits listed above, please reach out to us. Call us at 888-600-4560, email us, or visit us on Facebook or Twitter.

Phishing Scams Part 2

Posted on: August 29th, 2018 by jiml

Last month we focused on the developments in phishing scams as the topic of our blog. Based on the high volume of interest in the topic, we are going to continue the conversation this month. Just to summarize a few of the key points from last month’s blog posting:

• 91% of data breaches come from phishing attacks
• Phishing attacks are becoming more sophisticated
• Phishing attacks are becoming more numerous
• Phishing attacks are becoming more dangerous

Another trend we did not speak of last month is the increase in regulation and compliance surrounding the security of data, particularly personal identifiable information (“PII”). The federal government has been discussing a bill that would impose a uniform set of standards around data collection and responsibilities, much like the European Union did with GDPR (General Data Protection Regulation). For now, most states have a statute on file for businesses to follow, many of which are vague at best. We expect to see a strengthening of these regulations at the state level (many states have already committed to this) and more uniformity. If the federal government passes a statute, we will have uniformity nationwide.

It is also worth mentioning that according to RapidFire Tools, 2017 was a record year for fines for businesses that failed to meet their data security responsibilities. These fines are being levied by state Attorneys General offices in many cases. We expect this trend to continue as well. This means businesses have increased liability surrounding data security.

Let’s bring the conversation back to phishing scams. The increase in risk and liability surrounding data breaches indicates that businesses should do more to combat the threats to their business. Phishing scams, as mentioned above, account for a high percentage of the data breaches so this is a logical place to put resources. Colden Company offers phishing simulation tests for your organization. These tests will send your users topical phishing simulations (without the risk) and determine who the “clickers” are in your organization so that targeted training can occur. Sample emails are kept current with the latest discovered real-world phishing scams, so the tests are simulating scams that your users could be exposed to any day. There are a plethora of other advantages to the phishing program we have developed including video training sessions, specialized email content for quick consumption by users and dark web scanning to see what data might have already been compromised that you might want to be aware of.

Want to hear more? Call us at 888-600-4560, email us, or visit us on Facebook or Twitter.

Not Your Father’s Phishing Scam

Posted on: July 30th, 2018 by jiml

According to a recent FBI study, the weak link in security is us! (People) Specifically, people who click on things they should not or give out information they should not. Cyber Criminals have put a high emphasis on targeting the human element of businesses. The easy way to bypass technology security measures is to trick someone into letting you in! Once the hackers have valid credentials into a network, they will have the same access rights as the person they hacked and give themselves a platform to try and escalate those privileges even further.

Social engineering and phishing scams have evolved greatly in the last few years. Gone are the days when phishing emails were poorly spelled emails from a supposed Nigerian Prince looking to get your bank account information so he can deposit a million dollars in it. Today’s scams are much more difficult to detect and often specifically arranged to try and fool employees of your company. One technique is called email spoofing, where the hacker pretends to be an influential person in your organization. This is an incredibly easy hack to pull off as most businesses have information about their management teams on their web site. In addition to these phishing emails becoming more sophisticated and more common (one recent study by a prominent anti-phishing platform estimates 91% of data breaches come from phishing attacks), the damage done by hackers is also on the rise. Some strains of ransomware will infect your Master Boot Record and essentially turn your computer into a brick if the ransom is not paid. In cases like this, hackers are not after your information, they are purely going after your money. No ulterior motive in play here.
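One way a mail filter can catch the display-name spoofing described above, as an added example that is not from the original post: it flags messages whose From name matches a published executive but whose address is outside the company domain. The domain, the executive names and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the company's own mail domain and the
# management names published on its web site.
ORG_DOMAIN = "example.com"
EXECUTIVES = {frozenset(("jane", "doe")), frozenset(("john", "smith"))}


def name_tokens(display_name):
    """Lower-case name parts as a set, so "Doe, Jane" matches "Jane Doe"."""
    cleaned = display_name.lower().replace(",", " ").replace(".", " ")
    return frozenset(cleaned.split())


def domain_of(address):
    """Domain part of an e-mail address, lower-cased."""
    return address.rpartition("@")[2].lower()


def check_message(raw_message):
    """Return a list of reasons the message looks like executive spoofing."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    reasons = []
    # An executive's name on an address outside the company domain.
    if name_tokens(name) in EXECUTIVES and domain_of(addr) != ORG_DOMAIN:
        reasons.append("executive display name on external address")
    # Replies silently redirected to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != domain_of(addr):
        reasons.append("Reply-To domain differs from From domain")
    return reasons


# Constructed sample messages (not real mail).
LEGITIMATE = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "Subject: Q3 budget\n\nSee attached.\n"
)
SPOOFED_NAME = (
    'From: "Doe, Jane" <jane.doe.ceo@mailbox.test>\n'
    "Subject: Urgent wire transfer\n\nAre you at your desk?\n"
)
REDIRECTED_REPLY = (
    "From: John Smith <john.smith@example.com>\n"
    "Reply-To: accounts@mailbox.test\n"
    "Subject: Invoice\n\nPlease confirm payment details.\n"
)
ORDINARY_EXTERNAL = (
    "From: Alex Vendor <alex@supplier.test>\n"
    "Subject: Quote\n\nQuote attached.\n"
)

if __name__ == "__main__":
    for label, raw in [("legitimate", LEGITIMATE),
                       ("spoofed name", SPOOFED_NAME),
                       ("redirected reply", REDIRECTED_REPLY),
                       ("ordinary external", ORDINARY_EXTERNAL)]:
        print(label, "->", check_message(raw) or "no findings")
```
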

**Remember**: When your business gets hacked it doesn’t just affect your business. Once a hacker compromises your email, as an example, they now can see who you communicate with and they will start attacking your customers, your vendors and your partners. A hack at your place of business can cost you business relationships!

Employee awareness is a key component to a comprehensive security plan. What can be done to combat the kinds of sophisticated phishing attacks that are on the rise? Colden Company has a service that will generate phishing emails (without the dangerous results if users click on them) so that you can identify who needs more training and awareness of these types of scams. Every business has them. You could send an email with skull and crossbones, with a note that says “Do Not Click” and someone in your organization will click it. After all, somebody was falling for the Nigerian Prince scams or they would not have continued for so long. These are the people that put your business at risk! These are the people that specifically need targeted training. Our phishing tests will do just that by sending out sample emails and identifying who is clicking and providing training and feedback immediately.

Today’s cyber world calls for increased security and increased employee awareness. To find out who your “clickers” are, call us at 888-600-4560, email us, or visit us on Facebook or Twitter.

Security for the SMB (Small-Medium Sized Business)

Posted on: June 27th, 2018 by jiml

According to a study conducted by VISA, 85% of data breaches occur at small businesses. This is no accident. The simple reasons are 1) there are a lot of small businesses and 2) small businesses are easier targets than large enterprises. Many small businesses are under a mistaken impression that they are safe because they are small. “Who would want to hack my small business?” they say. Security by obscurity, as it is called, is a myth.

The fact of the matter is hackers often do not target your small business. They simply attack what is available to them. Many hacker tools work by inputting a range of IP addresses. These are public IP addresses that are the Internet-facing portion of a business. Hackers often do not know who is behind those IP addresses and therefore do not know if they are attacking the Pentagon or Joe’s Crab Shack. The tools return vulnerabilities that can be exploited at each address. Which entity do you think has more vulnerabilities presenting themselves, the Pentagon or Joe’s Crab Shack? As a generalization, small businesses do not have the same level of resources to spend on data security that large organizations have. This leaves them as targets to hackers looking for low hanging fruit to attack. Another analogy is the car thief in downtown Manhattan. If he sees a car with the club in the steering wheel, he is going to move on to an easier target as there are seemingly endless targets.

So, what can you do as a small business to protect yourself without breaking the bank? Here are some low-cost but effective ways to improve security:

1) Create stronger passwords. According to a Mastercard study, current hacker programs can crack a 6-digit password in about ten seconds. Stronger passwords are one of the most important things businesses can do for protection. Use password managers like LastPass and KeePass to help you manage those stronger passwords.

2) Lock your computer when you are away. If you have any sensitive data or PII (Personal Identifiable Information) such as credit card information, health information, social security numbers or other human resource data, you have an obligation to protect that data. Make sure your computer screen is locked or locks automatically when you are away.

3) Use encryption. Microsoft has a tool called BitLocker built into Windows 10 Professional so the data on your computer will be less likely to be stolen. Laptop users specifically should do this as laptops are far more likely to be stolen than desktops.

4) Educate your staff. Employee Awareness programs may soon be required for businesses storing protected data. Many scams can be pulled off without any actual breach of a business’s defenses. Hackers simply use social engineering to trick employees into giving up information or money.

5) Take security seriously. Many small businesses do not take the threats seriously enough…until a breach occurs. Breaches are costly on many levels and can be a death blow to a struggling business. The threats are real.

Need help improving security without breaking the bank? Call us at 888-600-4560, email us, or visit us on Facebook or Twitter.

End of Life Countdown for Windows 7, Windows Server 2008 R2

Posted on: May 25th, 2018 by jiml

Microsoft will be ending support for Windows 7 and Server 2008 on January 14, 2020. This means no more security patching and no more support from Microsoft. Windows 7 will go the way of Windows XP.

This planned obsolescence of these operating systems can be viewed negatively as Microsoft’s way of forcing us all to Windows 10, or we can look at it positively that Microsoft has given us all ample time to prepare, plan and budget for this eventuality. The transition can be smooth if your business takes the time to plan and prepare. Those that wait until the last minute will be scrambling to upgrade or worse yet, do not complete the upgrades and find themselves the victim of a data security breach because of an unpatched vulnerability on a Windows 7 computer.

The good news is that Microsoft has precedent of patching egregious security flaws on expired operating systems on occasion. That is not something we can count on and we also need to be aware that in past cases the onus is on the user to know about, find and install the proper patches if Microsoft decides to release a patch for an expired operating system. With the state of cyber threats that are present today, this is not a scenario we would recommend for any business.

Can I upgrade to Windows 10 or do I need to buy new computers?

In most cases you can upgrade to Windows 10. Older hardware may not be compatible, so it does make sense to take an inventory of your desktop workstations and decide based on age, hardware and purpose if the computer should be replaced or upgraded.

For my Windows Server 2008 R2 server, can I upgrade, or do I need to buy a new server?

While there is a migration path to Server 2012, Colden Company Inc. recommends replacing server hardware. There are several reasons for this. The first is that if you are running Server 2008 R2, chances are the hardware is reaching end of life from whichever manufacturer it was purchased. Dell, as an example, provided seven years of hardware support for a server. A second reason for replacement is that there is a newer operating system than 2012 out there, 2016. If you are replacing, you might choose the operating system that will give you a longer life cycle.

What else should I be concerned about when upgrading?

In short, applications. It is important to ensure that your important applications can run and are supported on these newer operating systems. The good news is that Windows 10 and Server 2016 have been out in production for some time, giving application providers plenty of time to adapt. Also give thought to what you want to do with your old computers if replacing them. Do the hard drives contain sensitive data and need to be wiped or destroyed?

In summary, your business should have a documented plan on how you are going to prepare for and budget for this event. I will refer to my often-used Stephen Covey’s 7 Habits of Highly Effective People here and remind our readers that effective people spend their time on important and perhaps non-urgent tasks like this. Ineffective people put off these important tasks in favor of more time-sensitive yet less important tasks until the important task becomes an emergency. Put another way, “Failing to plan is planning to fail”.

Contact us today and let us help your business put together a comprehensive migration plan and protect your business data from the retirement of Windows 7 and Windows Server 2008 R2. Call us at 888-600-4560, email us, or visit us on Facebook or Twitter.

Microsoft Office 365

Posted on: April 25th, 2018 by jiml

Microsoft Office is called a “productivity suite” for a reason. Some of the programs that comprise the Office Suite have been staples of business for many years, such as Word, Excel and Outlook among others. With today’s Microsoft Office you read about products like Yammer, Skype and Teams. Are these programs that can help your business productivity?

First, let’s be clear that not all of these programs are available with each subscription. Microsoft has been heavily touting its subscription-based versions of Office for some time. Those averse to a monthly recurring cost won’t like a subscription model, but it does come with some key advantages. We have covered these in the past, so we will be brief here and focus on two key benefits.

1) A Microsoft Office 365 subscription is licensed to a user and allows up to five copies of that license to be used for different types of devices (five computers, five tablets and five phones). That is a lot of copies of Office at no extra cost.
2) Upgrades and updates are included. When Microsoft releases Office 2019 next year (or likely late in 2018), you will be entitled to it as a subscription user instead of having to buy the licenses.

(Please be aware that Microsoft has advertised that Office 2019 will only be supported on Windows 10.)

The on-premise versions of Office (think traditional Office) will not include tools like Teams and Yammer (Skype for Business is included). Microsoft is trying to incentivize the use of the Office 365 subscription even further by making the tools only available via the subscription model. Even within the subscription model, Office 365 Business does not contain licenses for these new tools and sticks to the traditional apps. Office 365 Premium contains the new tools at a higher price point.

So, what is Yammer? Yammer is a social media platform for your business. Employees can post, make announcements and it has a look and feel like other notable social media platforms like Facebook.

How about Teams? Teams is a chat/Instant Messenger/conferencing platform that will likely cause Skype to be phased out by Microsoft. It has capabilities similar to Skype’s, such as video conferencing, but is more robust and has more integration capability.

Think your business can benefit from these tools or perhaps save money by using them? Even if you aren’t needing tools like Yammer and Teams, there are clear benefits to the subscription model of Office. Give us a call today to find out more and let our team of professionals help you decide the best path forward for your business.

Call us at 888-600-4560, email us, or visit us on Facebook or Twitter.

Is Your Web Site Ready for Browser Security Changes?

Posted on: March 23rd, 2018 by jiml

Did you know that starting in July 2018 with the release of Google Chrome 68, Google will be marking all web sites that connect via HTTP as insecure? Google is pushing companies to create secure connections to their web sites by using HTTPS. HTTPS differs from HTTP in that it uses encryption to create a secure connection from the user to the web site rather than the clear text connection that a traditional HTTP connection would create. Many of you are likely familiar with HTTPS from going to banking sites or retail sites that want to protect the communication from the customer to the web site.

Other browsers are also moving in the same direction. Mozilla has committed to doing the same in future releases of Firefox.

Is your company web site ready for this? If not, when potential customers attempt to visit your web site they will see a message that the site is not secure, which can turn away potential business.

What do I need to do?

In order to allow users to connect to your web site using a secure connection (HTTPS), your website will need a security certificate. The proper installation of a security certificate on your web host will ensure a secure connection for your site visitors. Please note that installing a certificate does not secure the web site itself, only the connection. The backend files are not any more protected after a security certificate is installed than before.

Upon completion of the certificate install, there might be some changes needed to your web site code to ensure your pages are using HTTPS by default. Consult your web developer for this.
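As an added example (not from the original post), the check below scans a page for the most common code change needed after a certificate is installed: resources still referenced over `http://`, which browsers treat as mixed content on an HTTPS page. The sample page and its URLs are constructed, and the tag lists are a simplified assumption.

```python
from html.parser import HTMLParser

# Tags whose URL attribute makes the browser fetch a resource.
ACTIVE = {"script": "src", "iframe": "src", "link": "href"}   # can change the page
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}
# <link> only fetches for some rel values; rel="canonical" is just metadata.
LINK_RELS_FETCHED = {"stylesheet", "icon", "preload"}


class MixedContentFinder(HTMLParser):
    """Collects (line, kind, tag, url) for resources referenced over http://."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "link":
            rels = set((attr.get("rel") or "").lower().split())
            if not rels & LINK_RELS_FETCHED:
                return
        if tag in ACTIVE:
            kind, name = "active", ACTIVE[tag]
        elif tag in PASSIVE:
            kind, name = "passive", PASSIVE[tag]
        elif tag == "form":
            kind, name = "form", "action"   # form data would be sent in clear text
        else:
            return                          # e.g. <a href>: navigation, not a fetch
        url = (attr.get(name) or "").strip()
        if url.lower().startswith("http://"):
            self.findings.append((self.getpos()[0], kind, tag, url))


def find_mixed_content(html_text):
    """Return findings for every insecure resource reference in html_text."""
    finder = MixedContentFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Constructed sample page (not a real site).
SAMPLE_PAGE = """<html>
<head>
<link rel="stylesheet" href="http://www.example.com/css/site.css">
<link rel="canonical" href="http://www.example.com/">
<script src="https://www.example.com/js/app.js"></script>
<script src="http://cdn.example.net/jquery.js"></script>
</head>
<body>
<a href="http://www.example.org/partner">Partner site</a>
<img src="http://www.example.com/images/logo.png">
<img src="/images/banner.png">
<form action="http://www.example.com/contact.php" method="post"></form>
</body>
</html>"""

if __name__ == "__main__":
    for line, kind, tag, url in find_mixed_content(SAMPLE_PAGE):
        print(f"line {line}: {kind} <{tag}> loads {url}")
```

Relative URLs and plain links to other sites are not reported, because they do not load insecure content into the page.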

The good news is that the move to HTTPS has already gained momentum. Over half of the sites on the Internet are already using HTTPS. The end result will be a more secure Internet for all of us.

Need assistance? Call us at 888-600-4560, email us, or visit us on Facebook or Twitter.

New Ransomware Threats and How to Defend Against It

Posted on: February 23rd, 2018 by jiml

In what should not be a surprise to anyone reading this, 2017 surveys have shown that ransomware attacks against businesses like yours increased in 2017 over 2016 (4.3 times as many, to be exact). The hackers behind these attacks have been so successful in monetizing their attacks that they have tremendous resources at their disposal to hone their craft. The end results are attacks that are more sophisticated and more destructive. If you are unsure what ransomware is, please see our video.

2017 saw attacks like WannaCry that did not use the traditional methods of infecting computers. Email attachments and links are still the most common method of contracting ransomware, but we are seeing different threat vectors targeting businesses. In the case of WannaCry, it attacked vulnerabilities in the Windows operating system. Users did not need to click on a bad attachment or go to a bad web site to be infected. They simply had to be targeted and not have installed the patches that Microsoft provided for the vulnerability.

2018 has seen a rise in ransomcloud viruses that attack cloud services like Microsoft Office 365, a popular email platform. Users would receive an email appearing to be from Microsoft that prompts the user for credentials. Once provided, all of the user’s email would be encrypted and unreadable without the decryption key, which the hackers held for ransom.

We, of course, encourage users to never, never, never (you get the point) pay the ransom. Paying the ransom perpetuates the cycle by giving the bad people more resources to put toward their scams. Once you have contracted a ransomware virus, restoring from backup is the best way to recover your data. Cleaning the infection out of your system should of course be the first step in remediation, followed by restore. For ransomcloud viruses affecting Office 365 it is important to note that businesses have options. There are reliable and cost-effective solutions for providing comprehensive backups to your Office 365 (or Google’s G Suite) data. Having this extra layer of protection can come in handy for other reasons in addition to malware as well. Want to recover an email from two months ago? How are you going to do that? With our solution, a simple phone call or email gets the process started. Too much business is conducted via email in today’s world to leave your email recovery to chance.

To hear more, call us at 888-600-4560, email us, or visit us on Facebook or Twitter.