Problems, problems, problems

David Kellett

David Kellett is the owner of K.I. Computing in Powell, WY.

Have you ever thought about what it is like for an IT tech to have problems on their own systems? Have you ever thought about the headache they share with you concerning their own IT systems? Let’s face it. We run into the same problems you do, and thank goodness we do.

This helps us to be better able to serve you. We run into things during the course of business just like you. We have to figure out solutions to our own problems. Many times our own problems give us solutions that benefit you.

First, our own problems help us to grow and learn. They allow us to track a problem and record the fix. They allow us to see things from a completely different perspective. They hone our skills so that we become better at what we do.

Second, when we’ve faced a problem that you are now experiencing, we are able to provide you with the solution. We are able to save you more time and money because we’ve seen this before.

Third, it makes us sympathetic to our clients. We’ve been there, we’ve done that, and we can commiserate with you. We know how much we have suffered with that problem, we know what you’re going through, and it makes us more responsive to you.

Never forget, you are not alone. We’ve been there too and we’ve gotten through it. We’ll help you get through it too.

K.I. Computing, http://www.kicomputing.com, (307)271-6059.

Thanksgiving


Last Christmas with Santa

We’ve just gotten through the Thanksgiving weekend and we here at K.I. Computing are excited. Our company is growing by leaps and bounds. We have so much to be thankful for here.

First, I would like to thank all of our clients. If it weren’t for you we wouldn’t be able to be here. We are honored that you’ve made the decision to include us in your business family. Second, I would like to thank our staff. You have helped me learn and grow and have made my life bright. Without your help so many things would not have gotten done this year. I’m so glad you have stuck with me from the beginning. Third, I’d like to thank my family. You’ve put up with me forever and you will be putting up with me forever. You are the most precious thing a man can have. Fourth, I would like to thank my wife Kelly. You are a beautiful influence for me. You have always been constant and sure. You’ve always been my light. You lead me to do better and to be better. If it weren’t for you I do not know where I would be.

I’d love to hear from you. Let me know how you and yours have been doing this year. Let me know if we can help you to grow. With my best wishes.

David Kellett

Owner

K.I. Computing

(307)271-6059

http://www.kicomputing.com

kicomputing@kicomputing.com

Is Remote Desktop Protocol Safe


For years, when working with remote computers, many techs, like myself, have utilized the Remote Desktop Protocol (RDP). It’s probably one of the first remote desktop programs new techs use to access a client’s computer. It comes with every iteration of Microsoft’s Operating Systems since 1998. It is prolific. Now, there may be a problem with it.

According to TrendMicro, beginning in January of this year, ransomware attacks have been on the rise, coming through the use of RDP. Who do you think the prime target is? “…the most consistent target has been the healthcare sector in the United States.” (TrendMicro, TrendLabs Security Intelligence Blog, Brute Force RDP Attacks Plant CRYSIS Ransomware, Jay Yaneza (Threat Analyst), downloaded 11/17/2017)

TrendMicro goes on to say that these attacks are carried out by transferring files during an RDP session. In most cases the attack could have been mitigated if the System Administrator had implemented some simple security settings within RDP. One of the primary ways to do this is by denying any access during an RDP session to copy files or access the clipboard. Simple measures can sometimes be the best solutions, if you know about them.

Cloud Management Suite goes even further in what they say you should do with RDP. First, they recommend that you completely disable RDP. Second, they recommend that your System Administrator find a completely different program that will allow them to access machines remotely. Finally, they recommend that you implement a “…rigorous Patch Strategy.” (Cloud Management Suite, RDP: Is the ‘R’ for ‘Ransomware’?, downloaded 11/17/2017.) This means that your computers actually need to be updated as soon as a new fix comes out.

In many cases this has been left up to whoever is acting as your system administrator. Many owners turn a blind eye because they just don’t want to be bothered. They just want everything to work. Not becoming involved with what is going on with your systems could lead to catastrophe. As the owner of a business you need to be involved. Plans must be put in place that will protect the investment you’ve made in your company’s computer environment. Plans must be made to mitigate a breach, and employees must be trained on the importance of security.
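The RDP settings discussed in the two paragraphs above, as an added example that is not part of the original post: a PowerShell audit of whether RDP is enabled at all and whether the two Remote Desktop Services policy values that deny clipboard and drive (file copy) redirection are set. The function names are this example's own; it assumes an elevated PowerShell session on the Windows machine being checked.

```powershell
# Added example, not from the original post. Function names are hypothetical.
# fDisableClip / fDisableCdm are the policy values behind the Group Policy settings
# "Do not allow Clipboard redirection" and "Do not allow drive redirection".
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$ServerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (setting not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-RdpRedirectionAudit {
    # fDenyTSConnections = 0 means the machine accepts RDP connections.
    $deny = Get-RegDword -Path $ServerKey -Name 'fDenyTSConnections'
    $rdpEnabled = ($deny -eq 0)

    $checks = @(
        @{ Name = 'fDisableClip'; Meaning = 'Clipboard redirection' },
        @{ Name = 'fDisableCdm';  Meaning = 'Drive (file copy) redirection' }
    )
    foreach ($c in $checks) {
        $value = Get-RegDword -Path $PolicyKey -Name $c.Name
        $shown = 'not configured'
        if ($null -ne $value) { $shown = $value }
        [pscustomobject]@{
            Setting       = $c.Meaning
            RegistryValue = $c.Name
            Current       = $shown
            Blocked       = ($value -eq 1)   # only an explicit 1 denies the redirection
            RdpEnabled    = $rdpEnabled
        }
    }
}

function Set-RdpRedirectionBlocked {
    # Writes both values as DWORD 1. Supports -WhatIf so the change can be previewed.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not (Test-Path $PolicyKey)) {
        if ($PSCmdlet.ShouldProcess($PolicyKey, 'Create policy key')) {
            New-Item -Path $PolicyKey -Force | Out-Null
        }
    }
    foreach ($name in 'fDisableClip', 'fDisableCdm') {
        if ($PSCmdlet.ShouldProcess("$PolicyKey\$name", 'Set DWORD to 1')) {
            New-ItemProperty -Path $PolicyKey -Name $name -Value 1 `
                -PropertyType DWord -Force | Out-Null
        }
    }
}

# Report the current state; a row with Blocked = False and RdpEnabled = True
# is the combination the post warns about.
Get-RdpRedirectionAudit | Format-Table -AutoSize

# Preview the hardening change without writing anything:
# Set-RdpRedirectionBlocked -WhatIf
```

On domain-joined machines these two settings are normally delivered through Group Policy, which writes to the same policy key and will overwrite a local edit.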

K.I. Computing. We want to help.

(307)271-6059

Don’t let this happen to you


Reuters Business just came out with a new report showing the cost of a Cyber Security breach. Equifax recently suffered a security breach in which the private information of 140+ million Americans was stolen by hackers. I have not seen any report that they were able to track down who did this to them, but it cost them dearly.

As of right now that hack has cost them $27.3 million in expenses. Their CEO, Richard Smith, resigned over the incident. He went on to claim that he tried to get the company to make changes and implement a security initiative that would have prevented, or at least mitigated the chances of, an event like this happening. Company officials refused to implement these changes. To them, it was just an expense. What do you think they’re initiating now? I’ve already mentioned how much it has cost them for not implementing these changes prior to the breach.

Don’t be like Equifax. Don’t suffer from a data breach and incur the costs of having to implement protocols that should have been in place before an incident occurs. Train your employees on the importance of security. Have policies in place to mitigate a data breach before it happens.

According to Nick Ismail, writing for Information Age, a company should be, “Creating a security culture within a business…”. He goes on to point out, “CIOs and CISOs need to ensure that every employee in an organisation is aware of the potential threats they could face, whether it’s a phishing email, sharing passwords or using an insecure network.”

Training employees on a regular basis in keeping data safe, and ensuring that they are following company policy for protecting the company’s network and information, is one of the most important goals in Cyber Security. Without this training being done regularly, employees tend to lapse in their judgement and can expose company data without intending to. If training is not done on a regularly scheduled basis, they tend to forget company policy and what they are supposed to do to mitigate a data breach. It’s a nightmare in the making for a company that fails to train its employees.

Contact us to see what we can do to help you in your Cyber Security goals. You can reach us at (307)271-6059. We’ll give you a Cyber Security Analysis at no cost and make recommendations that could save your company’s data and help you mitigate the possibility of a data breach.

The EU’s GDPR


First, I want to start by giving my sincere condolences to the victims of the recent terror attack in New York City that claimed the lives of eight people. I pray that the families of all the victims receive comfort and guidance to help them through these troubling times.

With that said, let’s discuss the GDPR legislation from the European Union that takes effect in May 2018. This piece of legislation will affect all businesses that do business with any European Union member nation the United States and the EU have which allow the parts of the GDPR to be enforced on United States companies.

What is the GDPR?

The GDPR, or the General Data Protection Regulation, is Regulation (EU) 2016/679. It is designed to strengthen and unify data protection for European Union Citizens. It addresses the export of EU Citizens’ personal data outside the EU.

Its primary focus is to give EU Citizens control over their personal data. It is also meant to simplify the regulatory environment for international business. It replaces the Data Protection Directive of 1995. It will change the conversation on privacy protection. If your company deals with sensitive data you need to be aware of this.

What does the GDPR change?

Any organization that provides goods and services to citizens of EU member nations, even if it is for free (non-profits beware), is subject to the GDPR. All of you must comply with the GDPR or face the consequences. Cloud based companies are especially susceptible to the GDPR.

What can you expect?

When the GDPR goes into effect you are required to be compliant on day one. Employee awareness training is mandatory. You are supposed to have a Data Protection Officer (DPO) who is to be responsible for this training. They are also responsible for periodic audits to demonstrate that you are in compliance. So far, specific requirements for training content have not been given.

All of your employees are to be trained, whether they have access to private information or not. So long as an employee can possibly download a virus they must be trained.

Well-designed data protection will be required. You have to have sound technical measures in place. They must be built into new products and services. They want data collection processes to collect as little data as possible, no more than is necessary to do business.

The DPO and IT must coordinate the implementation of measures to reach a level of security that is appropriate for the potential risks. They must implement data breach policies that pass on data breach information. You will be required to report a data breach within 72 hours or face fines. You are required to report these data breaches unless the breach does not cause a risk to the rights and freedoms of any individual.

The DPO is to ensure that your business is compliant with the new EU rules and regulations even if you do not have operations in the EU. The DPO is to operate independently of your organization. There will be even more requirements for companies that process large batches of information.

What are the Fines?

In the case of non-compliance or a data breach that is not reported on time, the fines that you will face are ridiculous. You will be fined $22 million or 4% of your total profit for the preceding year, whichever is greater.

What’s the difference between GDPR and other EU – US regulatory statutes?

It is not the same as the Privacy Shield, Safe Harbor Framework, or the Data Protection Directive. It is meant to be the successor of the Data Protection Directive and it replaces the Safe Harbor agreement. Its aim is to protect the personal data of Citizens of the EU. It is meant to protect their data when it is transferred between the EU nations and the United States. It is also meant to ensure that businesses dealing with this personal information are real, legitimate, and doing all that they can to protect a client’s data. Therefore, it is broader in scope than any previous legislation.

Conclusion

The GDPR is going to put more pressure on businesses here in America. It will force them to hire organizations that train their employees on cyber security. It will force them to hire either organizations or individuals that can act as DPOs. They will have to assure that these people can, and do, work along with their IT personnel to assure compliance. There will be no exceptions to this policy. If you fail to do proper audits or training you will face the gun of United States compliance with the EU in implementing these protocols.

You need to plan for these events and have the proper policies in place. You should do this before March 25, 2018. Please feel free to contact us for more information. We want to make sure you and your company are protected from repercussions that these new regulations require.

Dave Kellett

Owner

K.I. Computing

434 S. Gilbert St.

Powell, WY 82435

(307)272-6059

http://www.kicomputing.com

kicomputing@kicomputing.com

Cyber Security

Since Equifax got hacked recently, the buzzword has been Cyber Security. In that incident over 140,000,000 people now have their personal data in the hands of Cyber criminals. Yes, hackers are cyber criminals.

Does this scare you? It should. It may be your information floating around out there. Mine could be floating around out there. I have no idea if Equifax is going to notify all of those people that it was their data that was lost. Is your business ready for it? Do you have a plan for the future?

Chances are most of you do not. For smaller businesses it is a little more difficult to afford the software it takes to protect themselves. Have you had an audit done? Do you know where your data is and who has access to it? If it was Equifax you need to be concerned.

A recent study done by Ponemon Institute has concluded that the average cost now of data breaches to US Companies is $7.35 million. Again, that is $7.35 million. Could your firm afford that?

Now with the EU’s new GDPR legislation taking effect this May there could be even more costs. They intend to fine any company doing business with companies in the EU $20 million or 4% of a company’s yearly gross receipts, whichever is greater. If you do business with any EU nation this affects you.

What can you do about all of this? You need to have your systems audited. You need to create a plan for what you will do in case of a data breach. You need to have all of these processes in place and train your personnel on these processes. You should have training on how to avoid cyber security hacking at least four times a year. That’s once a quarter to refresh your employees’ memory and emphasize the importance of maintaining a secure work environment.

Can you stop all hacks? According to CompTIA you cannot. You can, however, do everything that you can to mitigate these attacks. You can take the steps now to protect your data and your customers’ data.

You can start by getting a complete security audit. You can create a plan to implement what the security audit recommends. You can make a plan for what to do if a data breach happens. You can start training your people right now.

Contact us: http://www.kicomputing.com, (307)271-6059, or email kicomputing@kicomputing.com for more information.


Are your printers secure?


Are your printers really secure? I went to the ITEX Expo about a month ago. While I was there I decided to educate myself on security. One of the most important subjects that came up was printer security. The presenter informed us about how hackers are now using networked printers to get into a company’s network. They are doing everything from Denial of Service (DoS) to stealing any saved data in your printer. It’s a problem you need to address.

According to a UC Berkeley study of their own systems, “IT administrators don’t always see them as the full-fledged networked computers they really are.” Let’s face it, a printer has its own hard drive, and it has memory that keeps print jobs and copies on it after you have printed or copied your documents. That means that hackers can sneak in and take all of the documents that are stored inside your printer. If these documents have sensitive data on them, such as patient data, checking account information, social security numbers, etc., the hacker can get them. That doesn’t make me feel comfortable. Does it make you feel comfortable?

Hackers have also found out that they can send documents to your printer and it will print them out. You lose ink and paper, which drives up your printing cost. Several colleges were hit by such an attack. These colleges include, “Princeton, Brown, UC–Berkeley, Smith, Mount Holyoke, the University of Massachusetts, Amherst, the University of New Hampshire, the University of Maine, and the University of Maryland.” (UC Berkeley Printer Security Best Practices.) Their IT departments were not prepared for such an attack, as they didn’t consider their printers to be computers that should be protected.

According to Network Review, “One of the most frequently overlooked risks in both the commercial and consumer world is printer security” (http://www.notebookreview.com/feature/everything-you-need-to-know-about-printer-security/). Printers have become more and more accessible. They are on computer networks and available via wireless printing. Some systems are completely open, and allow almost anyone to print to them, for example on college campuses that have many conferences where people need temporary access. I have even seen that a college I attended did not disable, or delete, the temporary accounts given out in these circumstances. Network Review also reported, “even more threatening is the possibility that a hacker could send your company malicious files…” (Ibid.)

What can you do about it? Below is a list of things that you can do to help eliminate these problems:

· Configure the printer’s access control list (ACL) to restrict access by subnet or device
· Remove the default gateway in the IP configuration to disable Internet routing, making printing only available on your local network segment
· Use a low-cost hardware firewall to block public Internet access to the printer
· Configure another machine as a dedicated print server with appropriate access controls
· Do not run unnecessary services
· Update and patch your printers with manufacturer approved software
· Choose the right printer with the right security
· Protect internal Wi-Fi connections with WPA2 encryption
· Set the printer to delete everything in its memory
· Replace old printers that do not have these features

Following these rules and utilizing the software in newer printers will help reduce the possibility that you will be attacked through your networked printers. If you do not set these things up you are leaving your company and your files open to attack. Remember, security, security, security. It may not keep out all forms of attacks, as hackers evolve and attempt to counter your security protocols, but it will make you less vulnerable.

 

David Kellett

K.I. Computing

http://www.kicomputing.com

307-271-6059

Compliance Scans

We are looking at finding out more information on the regulations that affect Dental Practices so we can provide more for them. We already have software to monitor their systems, give a report on their network functionality, test for compliance issues and check for issues on their servers/workstations.

We have partnerships with Rapid Fire Tools and Datto, Inc for these checks. They keep up with what is needed and help us to provide for the needs of those companies facing compliance issues.

These compliance scans are a $499 value. For a limited time I will do them for free. Call at (307)271-6059 or visit our website to contact us.

The Importance of Your Data

I know I talk about this often but it seems as though some small business owners just don’t understand. Many perceive their data to already be protected based on having an external hard drive or a tape backup. Many have no backup at all. They don’t see the benefit in utilizing an offsite/onsite backup solution. They look at anything similar to that as an expense rather than a benefit that they can plan out.

I remember one time I was at a plastic surgeon’s office. The office manager was related to the Doctor in question and saw a backup device and service as just an additional expense that they didn’t want to pay for. As a result of that thinking they had not updated their server in 10 years. Can you imagine working on a server that was 10 years old? It was an accident waiting to happen.

Their backup tape drive, also ten years old, finally gave out. They waited over three weeks before they called us and asked for help. I was dispatched to install a brand-new backup device. That’s when I started running into problems. My nightmare began as soon as I arrived.

The server, being so old and never updated, could not handle the new software that was needed in order to run the new backup device. Every attempt to update their software and the drivers needed to run the new backup device failed. When I talked to them about the need for an updated server with the latest software in order to have a platform on which the tape drive could function, the relative who was the office manager replied, “Oh, no. We’re the poorest doctor around. We can’t afford that.” Then the worse got worse.

The server died the very next day. Since it was so old and the software completely out of date they lost all of their billing data. Over three weeks’ worth of data cost them hundreds of thousands of dollars. Their refusal to take care of their data put them out of business.

Not only did they have to face the reality that they could not bill past customers and had lost their clients’ contact information, but they now had to face the consequences of HIPAA regulations and a slew of other regulations from different government agencies. Their decision to not protect their data did more than cost them.

Small businesses need to remember that there is a greater cost to losing their data than losing a few files. The regulatory compliance issues, that have only increased over the years, will cause you to suffer in greater ways than you expect. It’s time for you to plan for the worst and make sure your data is safe. It takes more than an external hard drive.

You have to plan for a complete disaster recovery and business continuity plan. You have to make sure that you can stay in business even when a disaster strikes. You have to keep your data safe and still be able to access it. This can be hard. It’s time to have your systems evaluated to see what you need to do in order to preserve your data. You can contact us for a free evaluation. Just call 307-271-6059 or email us at kicomputing@kicomputing.com. Or you can call many other companies that offer these services. Whatever your decision, do it soon. You don’t want a disaster to strike before you’re prepared to handle it.

“The 10 Disaster Planning Essentials For A Small Business Network”

If your data is important to your business and you cannot afford to have your operations halted for days – even weeks – due to data loss or corruption, then you need to read this report and act on the information shared. A disaster can happen at any time on any day and is likely to occur at the most inconvenient time. If you aren’t already prepared, you run the risk of having the disaster come before you have a plan in place to handle it. This report will outline 10 things you should have in place to make sure your business could be back up and running again in the event of a disaster.

  1. Have a written plan. As simple as it may sound, just thinking through in ADVANCE what needs to happen if your server has a meltdown or a natural disaster wipes out your office, will go a long way in getting it back fast. At a minimum, the plan should contain details on what disaster could happen and a step-by-step process of what to do, who should do it and how. Also include contact information for various providers and username and password information for various key web sites. Writing this plan will also allow you to think about what you need to budget for backup, maintenance and disaster recovery. If you can’t afford to have your network down for more than a few hours, then you need a plan that can get you back up and running within that time frame. You may want the ability to virtualize your server, allowing the office to run off of the virtualized server while the real server is repaired. If you can afford to be down for a couple of days, there are cheaper solutions.  Once written, print out a copy and store it in a fireproof safe, an offsite copy (at your home) and a copy with your IT consultant.
  2. Hire a trusted professional to help you. Trying to recover your data after a disaster without professional help is business suicide; one misstep during the recovery process can result in forever losing your data or result in weeks of downtime. Make sure you work with someone who has experience in both setting up business contingency plans (so you have a good framework from which you CAN restore your network) and experience in data recovery.
  3. Have a communications plan. If something should happen where employees couldn’t access your office, e-mail or use the phones, how should they communicate with you? Make sure your plan includes this information including MULTIPLE communications methods.
  4. Automate your backups. If backing up your data depends on a human being doing something, it’s flawed. The #1 cause of data loss is human error (people not swapping out tapes properly, someone not setting up the backup to run properly, etc.). ALWAYS automate your backups so they run like clockwork.
  5. Have an offsite backup of your data. Always, always, always maintain a recent copy of your data off site, on a different server, or on a storage device. Onsite backups are good, but they won’t help you if they get stolen, flooded, burned or hacked along with your server.
  6. Have remote access and management of your network. Not only will this allow you and your staff to keep working if you can’t go into your office, but you’ll love the convenience it offers. Plus, your IT staff or an IT consultant should be able to access your network remotely in the event of an emergency or for routine maintenance. Make sure they can.
  7. Image your server. Having a copy of your data offsite is good, but keep in mind that all that information has to be RESTORED someplace to be of any use. If you don’t have all the software disks and licenses, it could take days to reinstate your applications (like Microsoft Office, your database, accounting software, etc.) even though your data may be readily available. Imaging your server is similar to making an exact replica; that replica can then be directly copied to another server saving an enormous amount of time and money in getting your network back. Best of all, you don’t have to worry about losing your preferences, configurations or favorites. To find out more about this type of backup, ask your IT professional.
  8. Network documentation. Network documentation is simply a blueprint of the software, data, systems and hardware you have in your company’s network. Your IT manager or IT consultant should put this together for you. This will make the job of restoring your network faster, easier AND cheaper. It also speeds up the process of everyday repairs on your network since the technicians don’t have to spend time figuring out where things are located and how they are configured. And finally, should disaster strike, you have documentation for insurance claims of exactly what you lost. Again, have your IT professional document this and keep a printed copy with your disaster recovery plan.
  9. Maintain Your System. One of the most important ways to avoid disaster is by maintaining the security of your network. While fires, floods, theft and natural disasters are certainly a threat, you are much more likely to experience downtime and data loss due to a virus, worm or hacker attack. That’s why it’s critical to keep your network patched, secure and up-to-date. Additionally, monitor hardware for deterioration and software for corruption. This is another overlooked threat that can wipe you out. Make sure you replace or repair aging software or hardware to avoid this problem.
  10. Test, test, test! A study conducted in October 2007 by Forrester Research and the Disaster Recovery Journal found that 50 percent of companies test their disaster recovery plan just once a year, while 14 percent never test. If you are going to go through the trouble of setting up a plan, then at least hire an IT pro to run a test once a month to make sure your backups are working and your system is secure. After all, the worst time to test your parachute is AFTER you’ve jumped out of the plane. 

Want Help In Implementing These 10 Essentials? Call For A FREE Disaster Recovery Audit. This audit will check your computers and networks for any possible problems with your backup/disaster recovery plan and show you what you can do to fix the problems. A $469 value for free.