[this article is from our Small and Medium Sized Enterprise website.]

If there is one thing most small businesses can agree on – it’s that time equals money. Small business owners are in a position where they have to be a jack-of-all-trades, often spending most of their day wearing different hats. This is the nature of the small business and while expected is not always the best way use of time.

In order for a small business to be successful and remain competitive in an industry, there must be designated time for the owner to focus on growing and building the business. In many cases small businesses fail as a result of being unable to handle emergencies or other situations that are simply beyond the control and expertise of the owner.

Any business that relies on technology, which covers almost every business operating today, can benefit from managed services. Managed services providers understand that not every business has the ability to pay for an internal IT department which can be very expensive yet necessary to ensure all aspects of technology are supported. Without this backup, many small businesses find themselves in a position where they have to foot a very expensive bill to recover from a disaster or emergency. In other situations, using out-of-date or ineffective technology is simply a waste of both time and money on the part of the small business.

Here are ways small businesses can make the most of their time and money by hiring a managed services provider, like Nerds On Site.

Focus on running the business – One of the major benefits of outsourcing your technology needs to a company like Nerds On Site is that you as a business owner and your employees can focus 100% on their individual duties to keep the business moving in the right direction. This is the most valuable use of time for all parties involved, instead of hours or even days lost when trying to deal with technological issues that in-house employees are not trained to handle.

We can offer expert advise – there are many small businesses that simply do not know what they need to improve the functionality of their business. The old adage, “what you don’t know can’t hurt you” does not apply in all cases. By consulting with a managed services provider, you may discover areas of your business which can be improved that you previously thought were working “just fine”. Expert advice may be able to help you improve the efficiency of your business while positioning you better within the industry.

Support when you need it – Managed Services providers are not only there in the event of an emergency or recovery but also provide monitoring, which can invaluable in preventing problems before they can impact your business.

It is important for every small business to carefully examine their technical needs in order to see what services will be most beneficial to the company. Nerds On Site can offer services that not only reduce technology costs over time, but also improves functionality, which in turn saves time. When this balance is achieved, a small business is in the perfect position to thrive and grow

[this is an excerpt from a previous post by David Redekop going into much more detail on why securing your network is important.]

“I actually personally met a successful business person this week (let’s call him Bill) who admittedly didn’t care if his network was breached, until I pointed out the dangers (and I’m sure there are more):

• His network and Internet access could be used by a criminal to carry out criminal activities while Bill will carry responsibility as his Internet connection was used.
• Casual sniffing of his activities online can be captured and in a short while enough data can be gathered to steal his identity or anyone’s identity using his network.
• Any equipment that hosts data of any sort is much more vulnerable to attacks “from the inside” when your network is widely accessible.”

Why would anyone want to access your network? The better question is: why would you give them the opportunity and put your data and personal information at risk?

[this post is from Dennis Houseknecht, a Nerd in West Virginia]

At least most internet users are becoming more wary of phishing email messages. The attackers are countering by increasing the sophistication their attacks and by targeting them to the interests of specific individuals.

Here is an article about malware that is written specifically to steal Microsoft Office documents. Imagine the information hackers might tap into if ALL your business Word document and Excel spreadsheets were harvested. The primary delivery vehicle has been bogus email messages claiming to be from FedEx, but we are sure to see others. Companies who regularly receive FedEx shipments would be likely victims.

Here is another article describing how targeted attacks are aimed at gamers, government employees, and small businesses.

Opening links in emails can be very dangerous. You can never trust a link to take you to what it says. All modern browsers will reveal the actual “target” of the link of you hover over it with the mouse. This does not work for shortened URLs, though. You can see where those actually point by pasting them into the expander window on a site like Long URL. There are also browser plugins that will expand shortened URLs.

This topic became front-of-mind for me this week as I taught my seven and six-year-old sons how their own reputation is built over time.

Our CEO calls these the 5 Elements of Branding which clearly refers to how a brand or business is perceived in the clients’ mind.

1. How I look.

Like it or not, we pass judgment immediately on appearances. Smiles are free and most effective. Clothes and hairstyles matter. Cleanliness and shape of business vehicles affect your look.

1. What I do.

The actions we take often speak louder than words. The choices of actions communicate our priorities. Responding to concerns of clients clearly applies here.

1. How I do it.

Even my 1-year old can tell if I’m joyful or not. Certainly clients are able to discern if our service delivery is done with passion and intent or out of obligation. Body language will always influence your reputation and mine.

1. What I say.

Even though the words we choose to use only communicate seven percent of a message (the rest being tone of voice and body language), what we say is crucial. Speaking in terms that are consistent with our mission statement, praising good deeds and standing up for the wrong we see are all part of this element.

1. How I say it.

Enthusiasm, tone of voice, body language, passion all are powerful elements of how we communicate. The greatest personal and business brands fare well on the how.

It’s not difficult to see that over time, reputation and brand-building is like compound interest. The key is to ensure the trending is consistently in the positive direction, and when blips occur, they are healed and recovered fairly quickly.

How do you/we measure up on these five fronts?

[this post is from Dennis Houseknecht, a Nerd in West Virgina]

According to a recent study from Cisco:

“After the 2010 cybercrime turning point, when spam levels started to decline for the first time, this trend continued throughout 2011, a trend, according to analysts, can be explained mainly by several key botnet takedowns throughout the last two years. However, the number of vulnerabilities increased; there are fewer widespread attacks but greater numbers of smaller, more focused attacks.”

- The “good news”: there has been a significant reduction in unsolicited bulk spam
- The “bad news”: because cyber criminals have figured out that the ROI on bulk spam has gone down as users, especially business users, become more aware. The trend is now TARGETED spam – which provides a greater ROI for criminals. Targeted attacks are more dangerous and are INCREASING.
- The “more bad news”: Younger employees have a more cavalier attitude toward IT policies – 7 out of 10 “frequently ignore IT policies”.
- The “the worse news”: 1 out of 4 of these young employees is a victim of identity theft before the age of 30. That is a stunning statistic, and one that should get the attention of employers.

You can read more in this Business Day article.

You can read the Business Day article at: http://www.businessdayonline.com/NG/index.php/markets/companies-and-market/32587-mass-spam-declines-targeted-attacks-on-the-rise-cisco-warns

If your business offers unfiltered access to the Internet, chances are there are minutes or hours in the day where non-work activity takes place. Some employers have a work environment where this unchecked and unfiltered state is actually part of a morale of trust and confidence that the staff will get the work done even efficiently and keep a high level of productivity.

Two weeks ago we offered a free trial of a Unified Threat Management appliance to this client of ours at an insurance brokerage of about 15 staff. They had operated without any filters for many years and wanted to at least know what was happening. So we followed these simple steps to allow for a smooth transition and to keep everyone aware of upcoming changes.

Step 1 – Have an Acceptable Use Policy written and signed off

An Acceptable Use Policy – AUP – serves the purpose of making sure all staff know what is acceptable at the workplace, and what isn’t.

Step 2 – Implement a Unified Threat Management Appliance in Monitoring mode

An appliance can be installed at your office premises without disrupting any exiting access, and simply give the employers insight into how the Internet is being used throughout the premises.

Step 3 – Apply appropriate filters

This final step should be in complete accordance to the Acceptable Use Policy.

Special case considerations

• Social Media use is often restricted as it is seen as personal and has no role during working hours. However, most businesses now have a legitimate reason and role to play on twitter and facebook to maintain their own business presence.
• Time of Day access. The complete filtering of all social media access may have a negative effect on morale, and some companies choose time-of-day rules to allow social media access during lunch hour, for example.
• Logs may be misleading. If it’s your first time implementing a UTM, you will likely notice log entries of websites being visited, and when confronting said employee/computer, you will encounter denial. This can be legitimate because millions of workplace computers are infected with malware that cause the computers to operate silently under the control of botnets. Protection from web-based viruses, malware and spyware is another strong reason to implement and keep a UTM at every office.

It’s also worth pointing out that 3G connectivity through mobile phones is ubiquitous in many areas of the world. So blocking facebook on the work computer may simply cause the employee to use their own mobile phone instead. This is why an acceptable use policy is important to have in place. Consistent use of a mobile phone also leaves an optic that is not hard to detect by fellow employees and supervisors.

Do you have any specific need you don’t see covered here? Chances are it can also be achieved with a UTM.

[this post is from Dennis Houseknecht, a Nerd in West Virginia)

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals.  Criminals and security researchers are constantly prodding and testing the code, looking for flaws that can allow a “computer hacker” to take control of a computer or steal valuable data.

When a flaw is discovered, the software vendor issues an “update” or a “patch” to fix the problem.  It is like a recall to replace a defective part for a car.  Failure to apply these updates leaves the system vulnerable to attack or to be compromised, as these cybercriminals use these same updates to reverse engineer ways to take advantage of these vulnerabilities.

Your organization may think “Why would they want to attack us?” We argue – why give them the opportunity, and put your organization at risk?

On rare occasions, an update will cause an unanticipated compatibility issue with a specific application, and the application vendor normally addresses the issue promptly.  The solution is NOT to stop updating the system indefinitely. This WILL leave the system vulnerable, making the entire network vulnerable if infected or attacked.  As a last resort, if  postponing updates is required, it should only be for as short of a time as possible, and the ideal approach would be to ensure that the system that is not updated is not used for other purposes (taken off the network) and not exposed to threats to which is may be vulnerable.

No application is permanently tied to an older version of JAVA, or any other application.  If a JAVA update does cause a problem, it is NOT wise to revert to an older and vulnerable version of JAVA. On very rare occasions, we have seen a situation where a JAVA update causes an application (typically one that is poorly written) to “break”.  In all such cases, the vendor responded by quickly updating THEIR software to be compatible with the new version of JAVA.

We do recognize that applying updates to systems that have not been properly maintained and updated properly may cause some frustrations, inconvenience, and perhaps even consternation, to users who were faced with changes in the “look and feel”, or a change in settings.  However, any problems beyond this are less related to the updates themselves, and more to the lack of proper maintenance or updates to the systems as a whole.