Thursday, May 5, 2016

Data Backups & Recovery; What to Look For

Local, On-site, Off-site, Cloud-based, Business Continuity....

These are all terms for various types of data backups. And if you search online for data backups, the list becomes long and arduous. So how do you determine what is best for your business?

Local & On-site Data Backups

This is exactly what it sounds like.  Your data is being backed up at your location, possibly on your server as a Windows backup, on a magnetic tape, or on an external drive.  This is typically a more affordable method, internet is not required, and will give you immediate access to your data from your location. However, it does have its downfalls.  On the chance that disaster occurs at your location, your data could be inaccessible from a remote location or even worse, destroyed.

Off-site, Cloud-based Data Backups

This method of backup does require internet as your data is stored away from your location.  This can be seen as both a fault and an advantage.  Unlike local backups, if disaster was to occur at your location, you can rest assured that your data will be safe from fires and floods.  You also have the ability to gain access to your data from remote locations.  For some customers, this ability alone is a deciding factor. The disadvantage of course is cost.  Typically off-site backups are more expensive than on-site and are usually subscription based.

So What is Business Continuity?

Business Continuity is the relative "new kid on the block".  The focus here is not on recovering data after a disaster, but continuing to access it during a disaster.  This method can be virtualized quickly both on and off-site, allowing your business to keep functioning and saving you costs by eliminating the normal down-time.

Again, the disadvantage might be seen as higher costs, but if you weigh it against the advantages, it may be worth considering for your business.

What Method is Best?

That really depends on your business.  Disasters are something we do not like to think about.  For us at CMS, it is always on our mind, especially with hurricane season less than a month away and the recent flooding in Texas.  It reminds us that things can go wrong, and it's not always a natural disaster.  Ransomware has grown exponentially in the past few years, and with your network files encrypted, a secure backup may be the only thing to protect your business and your investment.

Find someone you trust, give us a call at CMS.  We will help you look at your data and determine your needs.  From there, we can assist you in finding the method to work best within your budget and still accomplish your goals.  If you would like a little more information on Business Continuity, you can visit our website to read more.

**For all our readers along the coast, June 1 begins Hurricane Season.  Visit to get ready.

Monday, February 8, 2016

The 2015 Annual List of the Worst Passwords

Sorry Star Wars Fans, But You Just May Need to Change your Password.

It’s that time of the year again. SplashData releases its 5th annual report of the most commonly used passwords in order to highlight the insecure password habits of Internet users.

The purpose of this list is to encourage users to become more conscience of Internet security and the threat of stolen passwords. Using weak passwords puts the user at risk for hacking and identity theft.

Here are the top 25 worst passwords that made it onto the annual list:
  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball
  11. welcome
  12. 1234567890
  13. abc123
  14. 111111
  15. 1qaz2wsx
  16. dragon
  17. master
  18. monkey
  19. letmein
  20. login
  21. princess
  22. qwertyuiop
  23. solo
  24. passw0rd
  25. starwars

Numerical sequences have taken several spots on the 2015 list, along with keys that are in order on the keyboard, such as qwerty & 1qaz2wsx. Of course, pop references are always a hit and this year was about Star Wars, but even The Force can’t protect you from malware.

Longer keywords did appear, but using a longer password does not add security if the password is simple or has a detectable pattern.

The thing we want you to remember is that the list above was compiled from passwords that were compromised and leaked this past year, so they have already proven to be “hackable”.  If you would care for a downloadable PDF document with the passwords and security tips from SplashData, you can safely download it from CMS.

Friday, November 20, 2015

Protecting Your Network from Ransomware

What is Ransomware?

Ransomware is malware that holds the victim’s data ransom by preventing access to the computer by locking the desktop or by encrypting the user’s files where they cannot be read. The malware then displays a ransom note, possibly pretending to be from federal or local law enforcement of some sort.

The ransom note may even claim that the computer was used to look at illegal websites, videos, or images and will try to frighten the victim into paying up by threatening to bring them to court.

As we quickly approach 2016, researchers at Fox IT have successfully identified the “Big 3” Ransomware families, whose members have generated huge income in 2015:
  • CryptoWall
  • CTB-Locker
  • TorrentLocker

What are the Basic traits of Ransomware?

Although each ransomware variant is unique, they still work in similar ways. There are generic traits seen with these behaviors.

File-system behavior

Most ransomware will place payment instruction files in the directory of the files that it’s going to encrypt. These files are usually in the form of a text, image and/or URL. It may even include a popup window notifying the user that his files are being held ransom and require a ransom.

Network behavior

Ransomware will encrypt files on drives that are network mapped on the computer as a side effect. This can affect an entire business that relies on network shares for their data, potentially spreading from one computer, to the server, to all other computers that access that server. Having a proper backup solution in place may be the only solution to protecting your data.
As we find encrypted files on a network share, we can use that to determine which user was initially infected with the ransomware by checking the creator of the instruction files on the share. This tells us which computer to disconnect from the network. The goal is to disconnect the infected user as quickly as possible from the network to prevent any further damage.

So where did the Ransomware come from?

One method for installing ransomware is through certain websites. These may be malicious websites, set up by criminals for the sole purpose of infecting website visitors, or they may be legitimate websites that have been compromised by infected advertisements or links by the criminals and used to spread malware.
Another way ransomware can install on your computer is through the opening of email attachments in SPAM or infected emails. These malicious emails may have what looks like regular files attached, but once you open them, your computer is at risk of becoming infected with malware. You may not even see it happening.

Ransomware on Mobil Devices

Ransomware for mobile devices is becoming more common and now have the ability to lock your smartphone or tablet or even encrypt the files stored on these devices. Criminals have learned that we are more dependent upon our phones and tablets than ever before. In some instances, they are more frequently used than our computers, explaining the increase in “mobile malware”.

Follow these tips to stay protected from ransomware.

  • Make sure you have a quality, antivirus program installed on your network, and that it continues to be updated on a regular basis. This also includes installing a reputable security app on your phone and tablets.
  • Keep the operating system and all software on your computers & servers up-to-date by installing the latest security patches and updates.
  • Consider adding a mail-filtering service that not only protects your email from SPAM, but also adds manageability and virus protection. Some services, such as MailWatch from CMS, will continue to spool your email when your connectivity is down, protecting you from lost emails.
  • Avoid downloading software or mobile apps not necessary to your work and only download from trusted sources.
  • Most importantly, Backup! For your network, have a data backup solution in place that protects your critical data on your network so that if anything does happen, you have an untainted backup source to retrieve from and restore to your network. And don’t forget to back up your mobile device to a reliable cloud source that you can retrieve from and restore.

Thursday, October 29, 2015

Cloud Applications VS Installed Software

In the past when a person needed new software such as Microsoft Office, they would simply travel to their nearest retailer and purchase a brightly-colored box with a CD and a license key inside. The next transition from this became visiting a website, purchasing online, and downloading a file directly from the website.

And now it seems that we have hit the next phase. Applications now are going a step further by not requiring a download or installation at all, but by logging into the application via the internet. Welcome to the Cloud!

So what are "Cloud-based Applications" & How Does it Work?

We often see the term SaaS. SaaS is a term for Software as a Service; meaning that instead of buying software in disk form, you are paying for a service that is provided to you. You are no longer getting a CD and installing it on your computer, but accessing it by visiting a website and logging in.

So are Cloud-based Applications Really Better than Installed Versions?

There are certainly advantages to moving to the cloud. Small businesses should really look at their goals and potential growth and evaluate their current network situation. Contacting a local IT company to help with this evaluation would also be beneficial.

Some of the benefits of cloud-based applications include:
  • Less maintenance required
  • Reduction of start-up costs
  • Regular updates and patches, performed by the vendor
  • Reliable backups controlled by the vendor
  • Ability to access your data from multiple locations and devices
  • Flexibility; typically a per user fee.  Only pay for the users you have accessing it.

Questions to Consider:

As with any network changes, there are questions you should consider before making a switch in platforms. Again, it is always wise to involve your IT department or company to help with an evaluation beforehand.

System requirements; even cloud-based applications may have onsite needs. If so, what are they?

Network compliancy; is your environment compliant with current, up-to-date devices? This can be your PCs, the browsers that you use, and most importantly, your internet connection.

HIPAA compliancy; Do you require HIPAA compliancy and does the cloud provider you’re considering offer it?

For the most part, changing from an installed version to a cloud-based version should be a relatively smooth transition, especially if it is still with the same solutions provider or vendor. And as we are now seeing, it is becoming the current trend with most providers to move in this direction, forcing our hand so to speak.

The biggest point to make here is that if we don’t stay current with our technology, we only open ourselves to potential security threats or “old tech” that just keeps breaking. Staying current with your IT will help eliminate your downtime.

Friday, September 25, 2015

Who's Looking Out for Your Network?

Today I want to talk about the importance of using a consistent IT services provider.  Every business out there relies on some type of technology to make their business run, whether it is your phone system or your computer network.

At CMS, we work with a variety of customers both large and small.  Some customers employ their own IT personnel and simply rely on us as a provider of equipment and backup support, while others depend on us fully for managed services, using us as their "offsite IT department".  Regardless of your size and budget, having a local IT company that you consistently work with is important, and here is why.

Knowledge of your Network! 

Working each time with the same company, they will learn your network.  They will be better educated on the layout and design of your network, the applications that your employees use and the security policies in place.  If you're not using the same business to resolve your issues, each problem will cost you in additional time to pay for a learning curve.

 Elimination of Problems Before They Occur


Because there is a familiarity with your business and your network, your IT provider can help you eliminate problems before they occur.  They are more capable of seeing a device with declining performance if they are always the ones to work with it.  And as we know, fixing a problem is much quicker at the beginning than it is in the end, which can reduce your down time.

The Trust Relationship


Finally, it all comes down to trust.  Your IT provider should understand the nature of your business and only have your best interest at heart.  Your goal is to run your business as efficiently and effectively as possible, and your IT company should be up to the challenge to make that happen.

Sometimes, it may seem like it is salespeople just trying to make a sell, and we understand that getting your network up to standard can be expensive at first. However, we can say that customers who trust us and make the investment are more productive and suffer less downtime.

We encourage you to find a local IT provider in your area that you trust, check out their reputation with other customers, and build a relationship that will strengthen your business.  If you are in the Southeast Texas area and are looking for someone, visit with us and ask us questions.  We are always happy to meet new faces.