Author: Casserly Consulting

Categories
Casserly Consulting Blog

The 3 F’s of a VoIP Solution

hosted_voip_400.jpg

Communication is pivotal to the success of your business, but it’s hard when you have a telephone system that seems like it was built for an age long past. A modern telephone system that utilizes the cloud is the ideal way to approach collaboration in the workplace. You have some options for this, but the easiest to take advantage of is a cloud-hosted Voice over Internet Protocol solution.

Compared to the traditional telephone system, a VoIP phone solution provides substantially more freedom to go about your business as you see fit, as well as the flexibility to adjust needs on a whim and the functionality you expect from an enterprise-level modern phone system.

Freedom
If all you’ve ever known are corded desk phones with a limited reach, then you don’t know the heightened experience of putting on a wireless headset and taking your business on the road. Traditional telephone systems are limited in scope because you’re tied to your desk or within a certain radius of your handset. VoIP phone systems can be used on any connected device, be it a desktop, a laptop, or even a mobile device. Since it’s a cloud-based application, your business can make use of it wherever and however it pleases.

Flexibility
When you implement a traditional telephone system, chances are you have a specific setup in mind that caters to your current needs. Now imagine that your organization is growing at a staggering rate and you don’t have enough phones for everyone. Knocking down walls, running cables, and changing your physical infrastructure just to add a few phones to your network is an overly complicated and expensive process. A cloud-based VoIP system allows you to add new numbers and users when they are needed. As long as your network can sustain the bandwidth (have the IT professionals at COMPANYNAME consult your Internet service provider for more information on this), you can add as many users as you need.

Functionality
A traditional telephone system is subject to the whims of phone providers. This in itself isn’t inherently bad, but the fact that so many of them bundle together unnecessary services makes for a frustrating and expensive system. For example, your business certainly doesn’t need 300 channels of cable television in addition to its phone system. Instead of bundling unnecessary services together, a VoIP solution offers you the opportunity to customize the solution to fit your specific needs. This includes additional options like instant messaging and video chat, in addition to all of the tried and true basics like conference calling and voicemail. Basically, you only pay for what you actually want and need, not what the provider thinks you want and need.

Could your organization use hosted VoIP? COMPANYNAME can help. To learn more, reach out to us at PHONENUMBER.

Categories
Casserly Consulting Blog

How a Data Backup Can Be Used, No Disaster Necessary

data_backup_no_disaster_400.jpg

Data backup may not directly help you boost your productivity, but it is a core component of any responsible business’ continuity plan. Each year, thousands of businesses that don’t take threats into account are forced to close their doors because they didn’t have a contingency plan in place. For every business that plans for the worst there are two that don’t, either because they see the strategy as too cost prohibitive, or because they just don’t understand the amount of threats that could put their business in the position where they would need to close.

There are several aspects of a backup and recovery strategy that business owners (who do see reason to implement one) have to square away. By breaking the strategy into three core parts, your organization can secure a positive ROI from a backup and recovery system that, with any luck, you’ll never have to use.

Data Backup
Deciding on a backup platform is obviously the first step in the process. There are several strategies a small business can use to cover its assets. They could use cloud storage, network attached storage facilities that use hard disk drives or tape backup drives, or even a manual system where people protect the data by backing it up to a hard drive and then take a copy with them when they leave. No matter what platform you choose to utilize, you have to understand that if you look at your data as an asset, it stands to reason that you would want to protect as much data as you can. At COMPANYNAME, we offer a comprehensive backup and disaster recovery service that utilizes network attached storage that pushes copies to the cloud in real-time. This not only provides the kind of data redundancy every organization needs, it allows our clients to thoroughly plan their data recovery strategies.

Before we go into recovery, we’d be remiss not to mention that some data simply isn’t important. Small businesses often have a lot of data they collect but don’t do anything with, so it just sits on their infrastructure taking up space. Some businesses look to data analytics to cut down on dark data, but for the small business that doesn’t have a backup strategy, it might just be putting the cart before the horse.

Data Recovery
If you are looking for a positive ROI, this is where it begins. A business needs to establish acceptable parameters for the recovery of their data. To do this, an organization is going to have to establish what are known as their recovery point objective (RPO) and recovery time objective (RTO). Before we elaborate, we should say that if you are in a position where you need to restore a large portion of your data–whether it be because of malware, natural disaster, sabotage, or blatant negligence–you absolutely have to have these plans made (and tested).

The recovery point objective defines how much data your business could reasonably afford to lose in order to be able to sustain operational effectiveness. Recovery time objective is the maximum time you believe you can go without your data before your business fails. Each figure isn’t static throughout your business. Some of your data is more important than other data, of course, and has to be weighted this way. Therefore, some systems that hold more crucial data will have different RPOs and RTOs than less critical systems.

How the System Provides a Calculable ROI
This is where you can put it all together. How do you calculate the return on investment on systems that you hope you will never ever use?

  • Establish your organization’s hourly realized revenue. To do this you take the amount of revenue your organization has taken in over the past year and divide it by the total working hours you and your staff have logged for that time.
  • Figure out how much you would stand to lose both with and without a backup and recovery system in place.
  • Multiply the hourly realized revenue with both scenario-specific figures you’ve calculated in step 2 and take the difference. This number represents the total avoided loss, in dollars.
  • Finally, plug that figure into this formula to measure your backup system’s ROI:

ROI = (Avoided loss – Cost of backup and recovery system x 100%)

Without a disaster hitting your business, you may think that backup and recovery strategies are a waste of time and resources, but the ROI is clear.

If your business is looking for a backup and disaster recovery solution that can seriously save your business in the event of a disaster–something no ROI calculator will ever tell you–call the IT professionals at COMPANYNAME today at PHONENUMBER.

Categories
Casserly Consulting Blog

Know Your Tech: Wizard

kyt_wizard_400.jpg

At first glance, you might not think about computing when the term “wizard” pops up. However, there is a certain type of program that is used exclusively for the purpose of helping someone install something on their computer.

A Wizard’s Goal
Traditionally, a wizard has been represented by an old man with a beard, robes, and a pointy hat. They might cast spells or have mysterious powers that help guide a young hero on their quest. Ultimately, this is their purpose–to help a hero walk a path that they themselves cannot follow.

Not coincidentally, a wizard program on your computer serves a similar function. Like the mysterious figure Merlin mentoring the legendary King Arthur, or Gandalf the Gray aiding Frodo Baggins in his quest to destroy the One Ring, the wizard software is meant to help the user toward a certain goal. The goal can vary, but it’s usually something like installing or configuring a program on your computer, or perhaps running a scan of your PC.

Qualities of a Wizard
A software wizard will generally break down tasks into a step-by-step process that a user can easily follow. Each step will show up on a separate page. The wizard is designed in such a way that each step must be followed in the correct order before proceeding with the task at hand. Wizards will often use progress bars to show the user how much time they must invest in order to follow the process to completion.

Wizards these days go by different names, or their functionality has been absorbed by other programs on your computer. Some virtual assistants and office assistants work in much the same way, eliminating any need for wizards. However, it’s worth mentioning that wizards are so helpful that many applications and online forms emulate wizards to make things easier for the users–gone, but certainly not forgotten.

Be sure to subscribe for more great tech terms.

Categories
Casserly Consulting Blog

The Internet of Things Gives Great Power to Our Phones

iot_power_to_phone_400.jpg

The Internet of Things is a bit of a paradox in and of itself. It has been leveraged to accomplish great things, but at the same time, it can be used in a way that can create considerable problems. However, innovations have proven that the IoT isn’t going anywhere, anytime soon, especially now that it can use the devices that we carry in our pockets.

Taking the IoT to New Heights
Smartphones are notorious for swiftly becoming obsolete, which means that there is a great opportunity to repurpose them and give them new life as a critical component of an IoT device. Just ask NASA.

The National Aeronautics and Space Administration has long been sending satellites into orbit – despite the intense costs to construct them, let alone get them where they need to go. To help decrease these costs without sacrificing the insight that these satellites provide, NASA started the PhoneSat Project in 2009. Rather than sending a few conventional, expensive satellites into orbit, many nanosatellites can be built from off-the-shelf components and sent into space. These nanosatellites rely on smartphones in order to function.

This initiative has appeared to be very successful, as version 2.4 of PhoneSat, “CubeSat,” reentered the atmosphere on January 31, 2017 after spending more than three years orbiting Earth. These nanosatellites have a relatively tiny price tag of $8000, and have, thus far, proved massively successful.

Bringing the IoT Down to Earth
Of course, the IoT has far more uses that are much more practical to the user who is not affiliated with NASA. Samsung Electronics created a team whose task was to figure out ways of taking older models from the Galaxy line of phones and figuring out how to leverage them as an IoT device. This “Galaxy Upcycling” team created a huge variety of IoT-powered purposes – including a few for the owners of hungry pets. The Smart Fish Tank they developed could feed the fish through a text message, and the Smart Pet Bowl would send the doting pet owner a picture whenever Fido or Fluffy chows down. This project has since been completed, the final product anticipated to be released soon.

Security Concerns
Of course, the same issues plague the IoT powered by a smartphone as have plagued all IoT devices that have come before: namely, security concerns. The IoT is notorious for its devices not having sufficient security installed, and often have no real way to update later. Time will only tell if this will eventually be a fatal flaw for the IoT, or if it will be overcome.

What do you think? Would you consider using an old smartphone to make another object smarter? Tell us why or why not in the comments!

Categories
Casserly Consulting Blog

5G is Still Going to Take A While

5g_take_a_while_400.jpg

As technology has improved in function and convenience, we seem to demand more and more of it at an increasing pace. Take mobile data as an example: 4G was introduced in 2009, and less than a decade later, there is high demand for 5G. Unfortunately, while 5G has been worked on for some time already, it isn’t likely that it will be commonly available anytime soon.

The technology being touted as the driving force behind 5G has quite a few practical issues, many of which may prove to be too much for the anticipated improvements to offset. Many of these issues are rooted in the proposed use of enhanced mobile broadband (eMBB) via millimeter wave (mmWave) and the inherent issues with this plan.

Range
A big problem comes from the range of mmWave. Currently, 4G signals can reach anywhere between three and thirty miles, while mmWave can only reach a third of a mile – one ninth of its range now, under ideal circumstances. In order for 5G through mmWave to be successful, there would need to be some major infrastructure updates.

This has been addressed in the planning processes, as it is likely that the cell towers we are accustomed to today would instead be replaced by shorter-range femtocells. These femtocells would be approximately the size of a microwave oven, and could be added to existing pieces of infrastructure, like light poles, traffic signs, and even public transportation vehicles like buses. However, these open up the idea of implementing 5G to more complications.

Connectivity
For example, mmWave signals are incredibly easy to block, which is why there would need to be so many femtocells added to the existing infrastructure. When something as simple as an unfortunately positioned traffic sign can block a signal, signals need to be coming from more than one direction.

There is also the matter of bandwidth that needs to be addressed. Consider how much usage each femtocell would see – they just wouldn’t be able to network as efficiently as necessary for proper use. This would mean that the entire network of femtocells would also need to be connected via costly high-speed fiber cabling, which would be an expensive and time-consuming endeavor.

Cloud Confusion
With cloud computing having become such a widely utilized tool, it only makes sense that the femtocell network would be managed via the cloud. By creating a virtual network in the cloud, software-defined networks (SDNs) and network function virtualization (NFV) could be leveraged to manage the 5G network. Trouble is, there are various kinds of SDNs and NFV, with no one standard. The Linux Foundation is working to change this, but this still isn’t an issue that will likely be resolved in the near future.

Regardless, 5G is going to happen – femtocells are inexpensive and, for all their faults, a potentially beneficial way to make it possible. Furthermore, people want better mobile bandwidth. The technology is just going to take some time to develop.

However, if you want to improve your business’ connectivity now, we can help. Give COMPANYNAME a call at PHONENUMBER.

Categories
Casserly Consulting Blog

Know Your Tech: Safe Mode

kyt_safe_mode_400.jpg

If you are trying to identify a specific issue with your PC, it can be difficult to do so due to the fact that there are so many moving parts in an operating system. Still, you want a secure way to find the problem and diagnose it. Thankfully, Safe Mode allows you to take a look at your computer in its most basic form to see what the root of the issue is.

What Safe Mode Does
Chances are that your business’ computers have a lot of extra drivers and features on them that make things a little more difficult for your organization. When you boot up a device in Safe Mode, you make it much easier to diagnose problems since you’re booting it up in its bare minimum state. If the issue persists even in Safe Mode, for example, you know that it’s a problem with the core functions of your PC, whereas the opposite means that it’s a more specific issue with something you’ve installed.

There are two major ways that you can access Safe Mode on your PC. The first is the one that we just outlined. The other can include your network drivers and devices, but this sometimes isn’t what you are looking to do.

Follow these directions to implement Safe Mode on startup.

From the Start Menu:

  • Select the Start button in the bottom-left corner of the screen.
  • Select Settings (the gear icon)
  • Click on Update & Security
  • Go to Recover in the left-hand column
  • Go to Advanced Startup and select Restart Now
  • When the device restarts, select Troubleshoot > Advanced Options > Startup > Settings > Restart
  • Upon startup, hit F4 or the number 4 for Safe Mode. Hit F5 or the number 5 for Safe Mode with Networking

From the Sign-in Screen:

  • Restart your PC. Hold down the Shift key while you’re selecting Restart.
  • When the device restarts, select Troubleshoot > Advanced Options > Startup > Settings > Restart
  • Upon startup, hit F4 or the number 4 for Safe Mode. Hit F5 or the number 5 for Safe Mode with Networking

Have you found this tip helpful? Subscribe to our blog for more great technology tips and tricks.

Categories
Casserly Consulting Blog

Cryptomining is Inspiring Cybercrime

cryptomining_crime_400.jpg

Blockchain technology is mainly known for its use with cryptocurrencies. Even though the values of cryptocurrencies have leveled off after the incredible growth it has sustained over the past few months, users are still attempting to use cryptocurrencies to make a little bit of extra cash on the side. Of course, if there is money involved, you can bet that there will also be criminals and shady activity surrounding it.

Criminals love to take advantage of cryptocurrencies due to how much they value anonymity. Unfortunately for hackers, mining cryptocurrency legitimately can be expensive and take a long time. You even need dedicated computer hardware in order to do it, which creates substantial costs, like an increase in your power bill.

Due to how difficult it can be to mine cryptocurrency, a new threat called crypto-jacking has popped up. This type of malware hides on a user’s device and steals its resources for the purposes of mining cryptocurrency. This can lead to devastating results–a higher electric bill, lower device performance as a whole, and more wear and tear on your device’s components. This type of malware only works if the device accesses a compromised website. In the past, this threat would only work if the device remained on the website during the duration of the attack, but hackers have since found ways around this. Some infected websites have gotten so crafty that they can hide a pop-up behind the computer’s task bar, where it can remain for as long as the hacker needs it to.

Crypto-miners are also known for spreading this hidden code to all kinds of websites themselves, as well as through malicious browser extensions. This type of malware is has been found on a broad variety of different websites, like the United States Courts, the United Kingdom’s National Health Service, and the Australian state governments of Victoria and Queensland. It was found in a text-to-speech translation plugin used on these sites. Consequently, the developer of this plugin removed it from all sites as soon as it was discovered.

It’s incredibly important that your business pays attention to these kinds of events and trends, as they could create considerable issues for your organization’s operations. If you’re paying a lot of money for your business’ Internet solution, then hackers are taking advantage of all your bandwidth to pull a fast one on you. Cryptocurrency mining is one of those tasks that takes its toll on even the most powerful hardware, making it likely to shorten your technology’s lifespan. This ultimately costs your business in more ways than one.

Thankfully, there are ways that you can combat these attacks. Some browsers are incorporating anti-cryptocurrency measures, and some antivirus programs are making strides toward straight-up blocking crypto-jacking attempts in the first place. Furthermore, there are some extensions that also block crypto-mining and crypto-jacking scripts entirely.

COMPANYNAME can help you make sure that your IT solutions are running optimally, as well as securing your organization’s network from potential attacks. To learn more, reach out to us at PHONENUMBER.

Categories
Casserly Consulting Blog

Understanding the New NIST Guidelines for Password Security

nist_password_400.jpg

The National Institute for Standards and Technology (NIST) has released Special Publication 800-63B, titled Digital Identity Guidelines. The document outlines major changes to the ways password security should be approached and leaves a lot of what network administrators and software developers have implemented recently to be wrong Today, we’ll take a look at the publication, and try to make sense of the sudden change of course.

NIST is a non-regulatory federal agency that works under the umbrella of the U.S. Department of Commerce. Its mission is to promote U.S. innovation and competitiveness by advancing a uniform measurement standard. Many NIST guidelines become the foundation for best practices in data security. As a result, any publication they produce having to do with cyber or network security should be considered.

A Look at SP 800-63B
The newest password guidelines are a swift about-face in strategy as compared to previous NIST suggestions. Instead of a strategy of ensuring that all passwords meet some type of arbitrary complexity requirements, the new strategy is to create passwords that are easier and more intuitive. Here are some of the highlights:

  • Passwords should be compared to dictionaries and commonly-used passwords
  • Eliminate or reduce complexity rules for passwords
  • All printable characters allowed, including spaces
  • Expiration of passwords no longer based on time password has been in use
  • Maximum length increased to 64 characters.

Basically, the new guidelines recommend longer passphrases to the complex passwords as they are hard for people to remember, and even with complexity rules in place, it was becoming increasingly easy for algorithms to crack passwords (seen in the comic strip below).

ib nist cartoon 1

As stated before, NIST is not a regulatory organization, but federal agencies and contractors use NIST’s information in order to set up secure computing environments in which to display, store, and share sensitive unclassified information.

In making these changes to password strategy, NIST is now considering the fact that many industry professionals knew: a password you can’t remember may be secure, but if it’s so secure that you have to rely on third-party software to utilize it, it’s not really that effective at mitigating risk. NIST now looks at the passphrase strategy, along with two-factor authentication as the go-to risk management strategy. SMS-based two-factor authentication was not mentioned in the final report but has come under scrutiny as it has contributed to multiple hacks in recent times.

The NIST also explicitly commands that network administrators be mindful to forbid commonly used passwords; effectively creating a blacklist of passwords. The new guidelines also suggest that users shouldn’t be using the password hints or knowledge-based authentication options; a common practice among banking and FinTech applications to this day. We’ll see if there is a strategic alteration in these companies’ practices as the new NIST guidelines become best practices.

If you are looking for more information about best password practices and data security, the IT experts at COMPANYNAME are here to help. Call us today at PHONENUMBER to have your password strategy assessed by the professionals.

Comic by XKCD.

Categories
Casserly Consulting Blog

Know Your Tech: CMS

kyt_cms_400.jpg

Marketing is increasingly critical to a business’ success, especially when it comes to the use of content as an impressions generator. This makes it all the more important for your content to be well organized and managed. Here, we’ll go over a few options you have as far as content management systems are concerned, and how they make maintaining your content strategy that much simpler.

What is a Content Management System?
A content management system, or CMS, is an application or program intended to assist you in properly producing, editing, and storing content. A CMS serves as a centralized access point for those with authorization to manage your content strategy, helping you to leverage it more effectively. Each CMS falls into one of two types:

  • Web content management
  • Enterprise content management

Depending on your business’ needs and circumstances, one of these choices will be the superior option for you to leverage.

Web-Based Content Management System (WCMS)
Drupal, Joomla, WordPress
If you’re in business today, chances are pretty good that you have a website, and that you hired a website creator to build it. The WCMS is how all of your content on the website is put together and organized, and because your website is the cornerstone of your online marketing, you need to be sure that this content is equipped with the management features and abilities that will boost its success. The other benefit to leveraging a WCMS is that they are largely user-friendly, which means that learning to manage a website is made into a much simpler process.

Because marketing needs can shift in days, or even hours, organizations like yours may need to make rapid changes to their site. A WCMS allows those changes to be made quickly and easily, keeping your content up-to-date and relevant, while incorporating engagement tools like social media, forms, and discussion boards.

Enterprise Content Management System
HP Distributed Workflow, IBM ECM, Oracle WebCenter Content
While there are a few small differences, the basic function of an enterprise content management system is effectively the same as a web-based one. Not only does it provide an organizational information repository for all of the members of the organization to access, it also provides the same content management capabilities. They are often leveraged by businesses in order to:

  • Manage access to organizational content, improving security
  • Improve collaboration through improved file access and searchability
  • Centralize an organization’s content
  • Build a digital content storage platform through the incorporation of a document management system
  • Improve workflow efficiency by creating and storing templates

Enterprise content management provides both access and control over a business’ information, a must in the competitive market of today, helping to boost their success and profitability.

If you have any questions about the different content management systems and software solutions that may benefit your business, you can always lean on the experts at COMPANYNAME. Call us at PHONENUMBER for more information.

Categories
Casserly Consulting Blog

Did You Know Your Router Can be Infected?

router_can_be_infected_400.jpg

A new type of malware is targeting routers in what is considered a large enough threat that even the FBI is addressing it. Even worse, a router isn’t necessarily a device that you think would be vulnerable to attack from a hacker. What can you do to keep your business’ Internet access points secure from hacking attacks? Let’s dig in to the details about what the VPNFilter malware does and how you can address it.

Explaining VPNFilter
The malware in question, VPNFilter, hides in routers for both individual users and small businesses with the intention of persisting even if the device has been rebooted. VPNFilter targets devices that are Ukraine-based most of the time, but others have been known to fall victim to this as well. It’s thought that the VPNFilter malware originated from a group called Sofacy. The malware itself takes three steps to become an issue for your organization.

The first is that the malware sets itself up so that it will persist even if the device is rebooted or turned off. The second stage of the attack consists of the malware installing permissions for itself to change router settings, manage files, and execute commands. This allows the router to essentially brick itself, leading to considerable connectivity problems. The final stage of this malware lets the hackers look at the data packets passing to and from the device, as well as the ability to issue commands and communicate through the Tor web browser.

The reason why the FBI recommends resetting your router is because the second and third steps are wiped when you do so, but the first stage remains regardless.

Is Your Router Affected?
While not all routers are affected, there is still a sizeable list of confirmed contaminated devices. Some of the affected brands include:

  • Asus
  • D-Link
  • Huawei
  • Linksys
  • MikroTik
  • Netgear
  • TP-Link
  • Ubiquiti
  • Upvel
  • ZTE

For a comprehensive list of affected devices, you can see specifics for each brand at Symantec’s website: https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware

How to Fix It
The best way to resolve these issues with VPNFilter is to perform a factory reset for your router, which completely deletes anything installed during the first stage of the threat. If the router’s manufacturer has administered a patch for the vulnerability, you can also install it following a factory reset so that you’ll never have to deal with this vulnerability again.

For more updates and tips on some of the latest threats, keep an eye on COMPANYNAME’s blog.