Out of Office Replies (OOFs) are so ubiquitous and so…boring. But you can do better. I stumbled across a terrific New York Time’s article today with some of their favorite reader-submitted OOFs, and some of them are fantastic. My personal favorite: “If you need me you’ll need to send a carrier pigeon.” We should all have a vacation or holiday with family like that.
Petya ransomware is spreading swiftly this morning, mainly in Europe so far, although it is already being detected/reported in America as well. Like WannaCry, it infects your system and encrypts your files, then pops up a notice telling you to pay a ransom in Bitcoin to gain access to your files. Unlike WannaCry, it infects your Master Boot Record, preventing your computer from even booting up. Once it has been downloaded on one machine, it can spread swiftly throughout the network to other PCs and servers. (If you’re feeling geeky, more in-depth details can be found here and here.)
At this time, it appears that it is mainly coming in through infected email attachments, particularly attachments that look like Microsoft Word documents, so once again, the best protection is to avoid attachments. If you are not expecting an attachment from someone, even if it appears to be from a friend or colleague, don’t open it. If you think it may be important, give them a call and verify that they intended to send you something.
As always, please let me know if you have questions or concerns.
As many of you already know from news reports, this ransomware has spread rapidly since last Friday and affected hundreds of thousands of systems worldwide. So far, it seems to primarily be spread through e-mail attachments, and affects Windows PCs and Servers. Once it has been downloaded, it encrypts the files on the affected system, as well as any other files it can reach through the network, such as mapped server drives, and pops up a ransom demand. It’s difficult or impossible to recover your data once it has been encrypted, so this a very serious issue.
On the bright side, it is extraordinarily unlikely to affect most of you as long as your systems are up-to-date. Microsoft released a patch back in March that fixes the security flaw this ransomware takes advantage of, so if your PCs have the latest Windows security updates and patches you shouldn’t be affected even if you were exposed.
Ransomware has been circulating widely for several years now, and will likely continue to be an issue for the foreseeable future in one form or another, so there are a few things you should consider with regards to this issue, and others like it.
- Making sure your PCs and servers have the latest security patches. This is critical – if you aren’t sure this is happening, please let me know so we can verify.
- Downloading attachments is hugely problematic – most viruses and ransomware are spread through attachments at this point. If you are not expecting an attachment don’t open it, even if it is from someone you know – they may have been infected and their PC may be sending out viruses without their knowledge. If you aren’t sure but think it may be something you want, give the sender a quick call and verify that they intended to send you something. Also, consider sending files using a file sharing service like Dropbox or Sharefile rather than sending as attachments. These services are much more secure.
- Good antivirus and spam filtering can dramatically reduce the risk of these types of issues – nothing offers perfect protection, but making sure you have up-to-date, quality virus protection greatly reduces your risks and an offsite spam filter can stop most viruses before you download them in the first place.
- Have an offsite backup. If you don’t already, consider a cloud backup service like Carbonite. If you do get infected, ransomware can encrypt your backup drive(s) as well as you actual PC and server, rendering your backups useless. It is critical to have an offsite backup. I like Carbonite because it’s secure, HIPAA compliant, and runs automatically without the hassle of a staff member having to remember to swap backup drives and make sure one gets offsite. However you are doing it though, it is absolutely critical that you have an offsite backup of your data.
That’s about it for now. Be careful out there with your downloads and attachments, and as always, please let me know if you have questions.
If there is one thing most small businesses can agree on is that time equals money. Small business owners are in a position where they have to be a jack-of-all-trades, often spending most of their day wearing different hats. This is the nature of the small business and while expected is not always the best use of time. In order for a small business to be successful and remain competitive in an industry, there must be designated time for the owner to focus on growing and building the business. In many cases small businesses fail as a result of being unable to handle emergencies or other situations that are simply beyond the control and expertise of the owner. Leveraging Managed IT Services can help.
Any business that relies on technology, which covers almost every business operating today, can benefit from managed services. Managed services providers understand that not every business has the ability to pay for an internal IT department which can be very expensive yet necessary to ensure all aspects of technology are supported. Without this backup, many small businesses find themselves in a position where they have to foot a very expensive bill to recover from a disaster or emergency. In other situations, using out-of-date or ineffective technology is simply a waste of both time and money on the part of the small business.
Here we look at how small businesses can make the most of their time and money by hiring a managed services provider.
- Focus on running the business- One of the major benefits of outsourcing your technology needs is that the owner and employees of the company can focus 100% on their individual duties to keep the business moving in the right direction. This is the most valuable use of time for all parties involved, instead of hours or even days lost when trying to deal with technological issues that in house employees are not trained to handle.
- Offer expert advise – There are many small businesses that simply do not know what they need to improve the functionality of their business. The old adage, “what you don’t know can’t hurt you” does not apply in all cases. By consulting with a managed services provider you may discover areas of your business which can be improved that you previously thought were working “just fine”. Expert advice may be able to help you improve the efficiency of your business while positioning you better within the industry.
- Support when you need it – Managed IT Services Providers are not only there in the event of an emergency or recovery, but also provide monitoring which can invaluable in preventing problems before they can impact the business.
It is important for every small business to carefully examine their technical needs in order to see what services will be most beneficial to the company. Managed IT Services Providers can offer services that not only reduce technology costs over time but also improves functionality which in turn saves time. When this balance is achieved a small business is in the perfect position to thrive and grow.
Homeland Security has issued a bulletin recommending that QuickTime be removed from Windows PCs. QuickTime has been confirmed to have critical security vulnerabilities, which Apple has made clear will not be fixed as they are dropping support for QuickTime.
Not sure if you have QuickTime installed? If you’ve installed iTunes, you probably do, as QuickTime was often bundled with iTunes installations and updates. An example of the logo is above.
Because of the high profile of this security vulnerability and the lack of support for the product, I would suggest you do go ahead and uninstall QuickTime. You can do this through Add/Remove programs; and as usual, if you have any questions or problems removing it please let me know, and I will be happy to assist
*** Update ***
There is one caveat for folks who use Adobe’s Creative Cloud products to edit videos: apparently, there are apparently some codecs that remain dependent on QuickTime being installed. If you are using Creative Cloud to edit videos, this may be an important consideration. You may want to consider the pros and cons of removing it if this is your situation, or do your design work on a Mac for the time being.
A more detailed and in-depth discussion of the vulnerabilities and consequences can be found here if you are interested.
For the first time, Apple confirmed over the weekend that Macs have been infected with a variant of one of the pernicious ransomware viruses out there. It appears that it came in through an infected copy of “Transmission,” a program that is used to transfer data on the BitTorrent peer-t0-peer file sharing network.
This has been a long time coming and it should raise a flag for Mac users who have previously not felt they had much to worry about. While (this time) it only affects a specific sub-set of users this time, it proves that this type of ransomware can infect Macs. And since it truly does encrypt files, without a backup the only options are to pay the ransom or lose your files.
The same rules apply to Mac users as all the PC users out there – offsite backups are the way to go. You should always have an offsite backup, ideally one that you rotate throughout the week, to ensure that if you are infected you can roll back to previous versions of your files.
As always, feel free to call if you have questions.
Ransomware like Cryptolocker has been the bane of my existence for a while, and a new variant called Locky is beginning to make it’s presence known. Like all ransomware, it encrypts the files on your computer and once this has been completed, a message pops up informing you that you need to pay a ransom in Bitcoin to retrieve your files. There isn’t a fix for any of the variants I have found so far – you have to restore from backups.
A new variant called “Locky” is starting to show up and it seems just as bad as the original. So far it appears to be spread through email attachments. Victims receive an attachment that says something like “Invoice” and appears to be a Word document, but when you open it you see what appears to be garbled text. A message on the top says you should click to “enable macro if the data coding is incorrect.”
Of course, “Enabling the macros” doesn’t actually fix the document, it installs the malware on your computer. It will encrypt any files it can find, including mapped network drives, and the only solution aside from paying the ransom is to restore a previous backup. If the malware had access to a locally attached backup that will likely be encrypted too, so you will need to have an offsite backup to actually restore.
I’ve had a few clients pick up this virus and it is something I dread. So far everyone that has gotten it has had an offsite backup (I think most clients do at this point) but it’s always a worry.
The bottom line is, (as always!) if you aren’t expecting an attachment from someone, just don’t open it. Even a trusted contact could send this to you if they were infected and didn’t know it, or if their email address was spoofed (faked). If you aren’t completely certain it’s a legitimate attachment, give the sender a quick call and ask if they sent something. In addition, you can always forward suspicious emails and attachments to me and I will be happy to take a look or scan them for you.
If you are interested in a little more in-depth information on Locky, you can find an excellent article from Sophos here, and as always, please feel free to call me if you have questions or suspect you may have an issue.
I run a small business, and our focus is on working with small businesses. I have learned so much from my clients, from both their successes and challenges, and it’s been a fascinating aspect of consulting. So this is a little outside the scope of tech, but I wanted to share a great podcast that I think most of us will find relevant, even if you aren’t in the hospitality industry.
The podcast is from Fizzle, a company that…well, I’ll let them tell you: “honest training + vital community for people who want to build their thing and support themselves. It’s for creatives, makers, artists, hackers, bloggers and internetters willing to dig in and care about the what and why of independent business. “
Their blog and podcast makes for some interesting reading and listening, but I want to point you to a particular podcast. The interview is with Mark Canlis, of the family that runs Canlis in Seattle (I’ve never been, but next time I’m up that way I’m headed there. :>)
While this is most directly relevant to folks in hospitality, all of us in business are in customer service in some form and Mark beautifully articulates some concepts here that could fundamentally change the way you think about the service(s) you offer. Do yourself a favor and go listen here and then come back: Fizzle Interview with Mark Canlis
Ok, so I particularly love his comments about the difference between rules and tools vs. the strategy for winning. The rules are things like, you have to make a profit to stay in business, if it’s a restaurant the food has to be good, and tools are the things you use (your product, your space or presentation, etc.) vs. the strategy; the strategy is where you find the real value and meaning for yourself and your customer. It seems obvious stuff when you spell it out, but he articulates it beautifully and brings such clarity to the thought process around it. I also love the way he applies the same logic to his employees, thinking about who they are becoming as well as what they do. Anyway. Just a terrific podcast and a great reminder about service and what it takes to get it right. Hope you too found some inspiration here.
Information Technology services are essential to the success of every organization, large or small. With increasingly competitive business environments, CEOs and small business owners are under great pressure to maintain a highly qualified staff and to make sure their technology is obtaining a better ROI than their competitors’.
These goals are not easily achieved, particularly for young or small businesses with less financial resources and time available. Having your own successful information technology department can eat up too much of the company’s budget and time resources, and eventually cause a loss of its competitive edge. These disadvantages of maintaining an in-house IT department are why companies of all sizes have turned to using managed service providers to either assist their existing IT department or become their virtual IT department, handling all of the technology involved in keeping their businesses running at optimal levels.
The benefits of using a managed IT services solution are numerous, but the top 5 benefits of managed services for business include:
- Benefit from the expertise of a specialist, without having to spend time and financial resources training your staff to become experts
- Decrease your technology risks with Managed IT Services. Your company doesn’t have to worry about losing and trying to replace trained staff members, or about repairing, implementing or replacing complex technology solutions with Managed IT Services
- Enjoy access to the most up-to-date, sophisticated technology solutions without having to invest in expensive equipment.
- Experience ultimate control over your business technology without having to manage an information technology department. This gives you the time you need to focus on what you do best: your business functions.
- Reduce stress and improve efficiency of your staff. When you make good use of Managed IT Services resources, your staff isn’t tied up with IT concerns and they have more time to focus on tasks that are productive for the business.
With computers and Internet access such an integral part of every business, and the Internet filled with everything from gambling to x-rated websites, it is critical that every business has an Internet Use Policy in place. This policy can help prevent your employees from accidentally or intentionally causing harm to your company or your company’s reputation. While you don’t want to give your employees the idea that they are living in George Orwell’s 1984, you want them to have a clear understanding of practices that are and are not appropriate during work hours. It is necessary for companies to create an Internet policy that everyone can live with.
Why Have An Internet Use Policy?
The purpose of a business is to make money. In order to accomplish this, the company has to have productive employees. The Internet can be a time drain and often prevent employees from being as productive as they should be. With such a wide range of information available on the Internet, it is necessary to clarify the company’s expectations of its employees regarding Internet access. With a strong policy in place, the employee, as well as the employer, will find Internet use less confusing and frustrating.
Another important reason to have a strong Internet Use Policy is to save your company from unnecessary lawsuits. Unless you have a clear policy on what is and is not acceptable on the Internet in your company, you can risk having an unfair dismissal lawsuit on your hands when an employee is abusing the company’s Internet.
What Elements Should Your Internet Usage Policy Contain?
When planning your Internet Use Policy, it should contain certain key elements such as:
- The company Internet is for company business only and to be used only during company business hours
- All work done on company computers during business hours, including all emails, is company property and can be accessed by the employer at any time.
- Establish what type of computer use is unacceptable such as accessing personal social media accounts, personal email, pornographic websites, etc.
- Employees must refrain from accessing websites, creating, or forwarding email that promotes any type of discrimination such as racial or sexual discrimination, or that is defamatory or harmful towards another person or group.
- Employees are not allowed to gain access to or attempt to access other employee’s computers, employee stored information, or any information unauthorized by the company.
In addition to the guidelines above, inform your employees that whatever is done by the company, for the company, and on the company computers should remain confidential and within the confines of the company. In addition, let employees know that when they access unapproved sites, they risk infecting the company computer system with viruses that could possibly shut down the entire company network.
Having an Internet use policy in place helps to eliminate any confusion and possible abuse that could prevent a company from functioning productively. A solid Internet use policy help to make the work environment more pleasant and more conducive to getting the necessary work done in order to have a successful business. Creating a safe and productive environment is important for any business, and one way to ensure that is to implement an Internet use policy.