Author Archives: Jimmy Penttila


Con men are everywhere

Technology can be challenging to all of us, and con men are everywhere. Phishing emails are one of the easiest ways for hackers and thieves to gain access to your information. Once they gain access, they can steal money, use your email for spamming, and dig through your emails to find bank account and credit card numbers. This can happen and you won’t know it until it’s too late.

I say this to you because it can happen to all of us, regardless of how tech savvy we think we are. Phishing emails are slick and effective; otherwise thieves would not send them. If you have parents, grandparents, kids, aunts and uncles, employees, or friends who are not as savvy, please have a talk with them. Show them examples of phishing emails. Tell them that Microsoft and other companies do NOT call. It only takes one time and their life savings could disappear. Have the conversation.

Here is a list of things to do if you suspect the email you are reading is FAKE.

  • Go directly to the site; do not click on the link provided. For example, if you get an email from Bank of America, open a new browser tab and go to their site.
  • Do not call the phone number provided. Contact the company through a KNOWN number.
  • If you are savvy enough, hover over the link provided and look at where it’s trying to send you (see below).
  • Do not download PDF files – one of the newest phishing emails now has a PDF in it that, when you click it, asks you to log in with your username and password (it totally looks legit!).
  • If you have IT support, communicate any suspicious emails to the department or your provider immediately.
  • Inform the sender (i.e., your friend, your mother, your bank) that you believe they have been breached.
  • Inform the police

Below are a few samples of phishing emails; the first one came directly to us last night!

Be safe out there and happy emailing!



Your information is now a commodity

A friend asked me to present to a client (and his staff) the wonderful world of cybersecurity and ransomware. So, what do you tell someone that they haven’t heard already from the news, mags and blogs that would get him or her to protect their business, their customers and themselves from attacks? How do you guard against something that seems so random, or do you just sit by and hope that it doesn’t happen to you?

 

As 2018 ends its first quarter, we must realize that information is now a commodity, a commodity to be traded like pork bellies on the stock market. It is sold to people and businesses who use this to influence your decisions on a wide range of things, from people and places to politics and products. And that’s only the half of it, for we happily give up some of that information for a rich full life.

 

What about those who mean to use the information for evil? What about the dark underbelly of the world that means to scrape this information from us and turn it into a revenue-generating source? Credit card numbers, bank accounts, private thoughts and info for blackmail, insider trading, business secrets. All can bring a hefty price from the right buyer.

 

So, I guess it boils down to a couple of thoughts. Do we want to protect ourselves from theft? Do we care enough about this to do something?  I mean after all it’s not like someone is breaking into our homes and stealing the TV or the few hundred-dollar bills stuffed inside our bible in the nightstand. They are not coming into our business with a gun and “sticking up the joint”.

 

I remember when my car was stolen back in the 90s. Man was I pissed, not that any vital information was in there. I didn’t have my wallet in it. No envelope of 100s in the glove box. But it was MINE. And it wasn’t like I left it running in a shopping mall parking lot with the windows down.

So why was I upset? I didn’t do anything to provoke this. It wasn’t anything special (seriously, it was an ’86 2-door Grand Am with like 11ty billion miles). My point is, it was mine. And someone took it.

 

There will always be someone bad doing something bad. And while sometimes you can look the other way and get over it, sometimes you can’t “get over it”. I had insurance on my car. I got over it.

But can you get over someone stealing your life, your identity, your life’s work on cold fusion, your retirement savings? I really can’t find many stories out there of people or businesses being made whole again after these cyber-attacks.

 

So, are we leaving our proverbial cars unlocked with the keys in them? Unfortunately, I think the answer is yes to some extent. I equate it to leaving our valuables on the car seat in the darkest corner of the lot while mall security is on lunch.

Look, we all learn from our mistakes. And the first time we get burned we take measures to avoid a repeat performance. But the stakes are much higher and more serious now. You and your business cannot afford to have this happen. If you are attacked by cyber criminals you may not have a second chance to change things, you may not be able to recover.

 

So, what do you do?

Protecting one’s information has some easy starting points everyone should be employing. Let’s start with the easiest of them all:

 

Passwords. Passwords should be case sensitive, long, and changed frequently. And this includes passwords on your desktop and laptop, server and router, access points, modem, bank accounts and phone at the very least.

 

Firewalls, antivirus, and anti-malware and anti-ransomware protection. These are important watchdogs. The software needs to be updated on a constant basis to ensure that the newest threats can be guarded against.

 

Lock the doors! Open network ports can be so easily accessed, mostly because most people don’t even know they are open. Sad but true. And these ports almost always give thieves an opportunity to breach your network. This includes router ports and USB ports. Thumb drive ports can and should be closed by admins so employees cannot use them to upload or download. Emails are also an open door which can be used to enter your network. Have your network admin set up rules through your email account as to which emails are safe and which attachments are allowed.

 

And lastly, backups. I don’t think you can have too many backups. One on a hard drive, one in the cloud, one in your home and one in a safe, one in a shed buried in an old cigar box. It really is that important. It may be your only chance if your information is stolen or held for ransom. It also means you can be made whole again if some other catastrophe happens. It means you have options.

 

Doing all these things doesn’t mean you won’t be a victim of a cybercrime. It means you’re putting protections in place in case it does happen. It is like buying insurance and a sump pump if you live in a flood-prone area: that doesn’t mean you’re going to have a flood. It means you have a plan and can be made whole again if you do.



PCI Compliance still lagging in 2017

If we learn anything from 2017, it should be that nothing is safe. I was recently reading a great article about PCI Compliance and it got me thinking. Why? Why are we so sure it couldn’t happen to us? Right now, the 2017 Payment Security Report Executive Summary from Verizon states that “For the first time, more than half (55.4%) of companies we assessed were fully compliant at interim validation, compared to 48.4% in 2015. But that means that nearly half of stores, hotels, restaurants, practices and other businesses that take card payments are still failing to maintain compliance from year to year.” That leaves almost half still not PCI compliant and a potential hazard to you and your personal and business information.

Now, for those of you that don’t know what this is, PCI DSS stands for Payment Card Industry Data Security Standard. These are the standards that the entity accepting your card as payment should be following to ensure your information is not at risk. Think of them as doors and windows to your home. If you lock all the doors and windows it is much harder for someone to gain access to your home. Leave something open and you are creating the opportunity for something bad to happen. But we live in different times. When I was young, my parents never locked their doors. Could you imagine leaving your doors and windows open today?

As a responsible business owner you are charged with keeping your (and your customers’) information safe. This means you need to take certain precautions to ensure the information you collect (including names, addresses, credit card info, social security numbers, etc.) is safe from attacks, both online and physical. You must have training for all employees who handle this material. No, it is not hazardous waste, but put the shoe on the other foot and try to imagine someone dumping your credit card number and name into the dumpster behind the store you just walked out of and not thinking twice. Three weeks later there is a big screen purchase and a trip to Fargo that you did not authorize. Yes, it happens just like that.

Standards have been set for a reason: not to make it hard to do business, but to make it harder to gain access to vital information that can cause a lifetime of grief. Let us not forget that Equifax put a lot of us at risk for the foreseeable future. The data of roughly 145.5 million people was proverbially left in a dumpster for thieves to do with as they like, and the ramifications will likely be felt for years to come. And that’s just one example.

So are you PCI DSS compliant? Are you taking the steps necessary to become compliant? Did you know that you can be held responsible if you fail to take the necessary precautions and a breach happens?

If your business relies on credit cards for payment, you have had to submit a PCI compliance site survey. And more than likely you will have more red marks on your first attempt than a third grader in English class. But fear not, it doesn’t have to be hard. In fact, here are a few simple things you can do to get you started.

  • Install and maintain a firewall
  • Do not use vendor-supplied defaults for system passwords (admin is not a secure password)
  • Close all open ports on equipment (this will require conflicts with equipment and software to be resolved)
  • Protect stored cardholder information (lock up receipts in a safe)
  • Keep antivirus software up to date
  • Assign a unique ID to each person with computer access
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems
  • Maintain a security policy and ensure that all personnel are aware of it

If you need more information or help becoming PCI compliant, I can be reached at Jimmy@bitsbusinessit.com.

 

Source: 2017 Payment Security Report Executive Summary from Verizon



Driving your Technology

Are you better to your car than you are to your technology?

Most people spend more time sitting in front of their computer than in their driver’s seat, yet spend more time and money maintaining their car than their technology.

Like taking your car to a trusted mechanic or dealer for maintenance, most small to medium businesses utilize an outsourced IT firm for maintenance. Sure, you can change your own oil, but do you have the equipment, time or knowledge to do an alignment? Outsourcing your IT is no different. Sure, you can change the cartridge in your printer, but do you have the time and knowledge to deal with new workstation installations, server security, or virus removals? Outsourced IT firms can keep up on regular maintenance, install updates and keep you protected against threats. They can also inform you of impending dangers to your system, keeping you up and running instead of broken down and lagging. We rely on specialists (e.g. CPAs, attorneys, mechanics, IT professionals) because they stay up to date in their field, and they will always be better and faster at fixing a problem than we can be.

Even large firms use an outsourced IT company to augment their staff. They have one person on staff to handle the day-to-day hiccups and utilize an outside firm for the behind-the-scenes stuff and heavy lifting such as larger projects, so they don’t waste resources.

Technology in general needs maintenance, and if not properly maintained it can leave you falling behind your competitors, draining your staff and costing you money. A good working network with properly licensed products, up-to-date software and up-to-date security is vital to your business. Now fortunately, our cars don’t come under very many outside attacks or threats (besides the runaway shopping cart and your children’s baseball practice).

Look, if you want to get from A to B a bus will get you there. However, if you are in it for the long haul and want your business to go from A to Z you’re going to need to keep your system running right!  It’s up to you, but I would rather sip tea pool side than work on my car!

If you have questions about your IT, please give us a call.



Backups Saved My Company


Anyone who reads this probably knows how we operate here at BITS, and knows how we constantly insist our clients run backups of their data and test those backups. Some of you take this to heart, some not so much. Well, it happened; in less than six degrees of Kevin Bacon, someone close to you had a catastrophic failure. There were no lights flashing, no “warning, warning, danger Will Robinson”. Nothing! Down went their ERP system and with it their ability to do business as usual. Sweating yet? Worried? You had better be. Their ERP support wanted $28,000 to put them on a support package and start working on the problem. I repeat, $28K! I’ve seen that kind of expense devastate a business. Could you afford that kind of hit? Good news is they are up and running. Now I won’t go into the ugly details and all the techy stuff BITS did to get them back up and running because it doesn’t matter. What does matter is that THEY HAD BACKUPS! Working, up-to-date backups. That saved them an enormous amount of money, time, and frustration. When’s the last time you tested your backups?

On-site and off-site backups of your data are your friend, not just another thing on your long list of to-dos for the day. The backup fairy isn’t going to do them for you (unless they are automated by BITS). Did you know the movie TOY STORY 2 was almost lost? Woody and all his crazy adventures would have been lost if it weren’t for backups.

You have to go to work to support your family

You have to breathe in and out to survive

You have to run a solid backup to protect your business

Without your backups your data can be lost forever. You worked hard to capture that data. You spent 2 years working with a prospect to close the deal with company xxx. Now your presentation is gone. Every contact and the data to go with them are now gone. A lifetime of contacts, your pipeline, your inventory records, GONE. There is not a “call BITS and fix it” button like Staples has. Without that backup it’s gone.

Our goal is to ensure no one that we work with ever has to pay a $28K trouble ticket to their software company and that they never lose their data. As we get older gray hair is bound to happen. Your backup shouldn’t be a reason for it!

This client had done backups and never had a problem. Obviously the clock was ticking, as it is for most of us. You will have data that is deleted accidentally; you will have hardware failures that cause data loss; you will have disgruntled employees delete precious files from your server. But if you have multiple backups in place it will never impact your business.

In the following days we will be calling all our clients, stressing this important fact and discussing how mission critical backups are.

Now go run your backup!