April 2014

Well that didn’t take long. We didn’t make it out of April and there is already a serious vulnerability that won’t be patched for Windows XP – a serious Internet Explorer flaw. US-CERT, a division of the Department of Homeland Security has advised US citizens to stop using Internet Explorer until it is fixed, as they could find no practical workaround.

I try to be neutral about such things, but I gave up Internet Explorer long ago for Google Chrome. It’s faster and more stable, and I wouldn’t go back for anything. There are very few sites that won’t work with Chrome so I recommend you check it out.

It’s been a busy month as I also sent out an advisory a couple of weeks ago about the Heartbleed vulnerability which affected secure websites.

With Heartbleed, it’s important to note that there have still been no confirmed instances where the vulnerability was successfully exploited, so while a very serious issue, it seems maybe it was caught before real damage was done. However, there are two important steps you should take just to be safe:

1. Change your password on all secure sites
2. DON’T use the same password – each site needs a strong and unique password

I know, I am groaning right along with you. Multiple passwords are a headache. However, the way most of these hacks work is they break into some silly meaningless site where security doesn’t seem to be important. Maybe you signed up for a rewards card or you posted a question in an online support forum. They get your name and password, and then they follow the money – bank sites, shopping sites where your credit card info is saved, financial sites, etc. And guess what – you used the same login and password on one of those sites, I guarantee it.

What I do is I use a strong and unique password on all sites of concern. I do compromise and reuse the same password on many of those other sites, as long as I am sure there is no personal information or financial information attached.

The best way to manage all these passwords is to use a tool like LastPass. It securely manages the passwords for you. I’ll be honest, it is an added risk, because if my LastPass account is ever compromised, I’m in real trouble. But my LastPass vault has over 150 entries – I couldn’t possible manage without it.

Let me know if you have questions or need any help!

March 2014

I think Spring might be coming. Got a glimpse of it this weekend! I’m excited about the forecast this week – I’m not sure how many would agree with me, but I just love a good spring day-time thunderstorm. Dark outside with rumbles of thunder and the rain pouring down – of course it’s like snow, the first one or two are fun, and then I’m ready to move on.

Don’t forget that Microsoft ends support for Windows XP next week. Despite what some are reporting, there has been no meaningful extension of support. They have agreed to extend malware updates for 1 year, but that is only one small piece of the puzzle, and certainly it’s intended to help home users buy a little more time. There is no justification for using XP in a business setting any longer, and we haven’t come across any compatibility situation that could not be addressed.

We’ll get to start this process over again, as support for Windows Server 2003 ends next spring, and it is also still widely in use for small businesses. I am a strong proponent for making wise investments in technology and ensuring that you get the most return out of that investment that you can, but in the case of XP and Server 2003 it is time to move on, and the benefits will justify the expense. Let me know what questions you have.

Don’t forget that spring time is a great time to review your Internet & Phone service bills. These recurring charges add up to a significant expense. Let me help you review your current situation and advise you on the new options available. It’s not unheard of for us to help a client to increase bandwidth and save thousands of dollars at the same time, many times with the same carrier. I’m happy to review your bills and help, just give me a call!

Toll-Fraud is still a big issue we are seeing out there, so it is extremely important to make sure that you have the proper security measures in place on your phone system. I’ve listed some guidelines below to assist you in securing your system. Please note there may be other factors to consider, and if you would like us to audit your security, we are happy to help.

Use strong voicemail-box passwords and change them routinely. Do not keep default passwords. Consider passwords longer than 4 digits.
Consider not allowing your users to make calls from their voicemail-box.
Review user rights and limit the ability to forward or conference to an outside number to only those users needing that feature.
Phone systems should be behind firewalls or have the built-in firewall enabled. Review your firewall configuration for maximum security.
Contact your PBX vendor to discuss the proper security measures to be taken on your system.

January 2014

With great pride, I presented an award to Marty Peralez this month for his 10th anniversary with the company. Marty is an invaluable part of the team and I can’t believe it’s been 10 years. Marty lives in Gardner with his wife and 2 sons, and is heavily involved in Soccer. We’re glad to have him around! Marty will be headed out with his wife for a well-deserved skiing vacation soon. With Marty’s anniversary, 5 of our 8 staff have been with the company more than 10 years.
Don’t forget about the upcoming End of Support for Windows XP. We’re in the final stretch. I expect higher prices and availability issues as we get closer to March, so I recommend getting in now while you can. Office 2003 is also becoming unsupported on April 8th. That’s not as big of a concern but something you should be aware of. As I’ve mentioned before, a lot of times the bigger issue becomes 3rd Party apps that will no longer support the Microsoft software.
I’m working on lots of new solutions for phone service – virtual, private cloud and on-premise. Lots of new ways to do things, we have something that will fit your business model. More information to come next month!

Windows XP – The End is Near

Are you ready for the end of Windows XP support? The upcoming deadline of April 8, 2014 is not a trivial matter – please take a minute to read below to learn more. If you have any questions, we are happy to help!

The background: Windows XP was released in 2001 – 12 years go. Sales were ended in 2008, and mainstream support ended in 2009. End of extended support is April 8, 2014 – meaning there will be no more security patches.

I am a big proponent of getting the most for your investment, and I don’t make recommendations to upgrade to the latest thing just for the sake of upgrading. The end of support for XP is a serious concern for any business. The lack of fixes for security vulnerabilities will mean that your computer will be a sitting duck on the Internet. Viruses and malware will quickly spiral out of control.

Further, XP has been a hindrance to 3rd parties (think anti-virus, printer drivers, websites, etc.). I expect these companies will also end all support for XP in April or very soon thereafter. Websites will not display properly, new printers won’t work, etc. Already, the current generation of Intel processors will not run XP! All of this adds up to a headache you don’t need in your business. If your business requires some level of compliance (healthcare, banks, law firms, CPAs), you simply have no choice, and would be exposing your business to significant liability with XP.

The good news: Windows 7 is excellent. It is much more secure than Windows XP, and much more stable. It will be supported through 2020, 7 more years. A new PC today will come licensed for Windows 8, meaning you can transition down the road with no licensing cost. If you have one of the very rare applications that will not run on Windows 7, you can run “Windows XP Mode” within Windows 7 for no charge. This will allow you to use that legacy application while managing the risk within a controlled environment.

The bad news: Time is of the essence. Microsoft estimates that over 20% of users are still on XP. We are about 6 months away from the deadline, and it’s going to get significant press as we get closer. I expect this to cause issues with hardware availability and increase pricing in early 2014. Please don’t wait till March!

This is also an opportunity to review the use of technology in your business. Do you need all those desktops? Is there a place for laptops or tablets? Would fast new Solid State hard drives (SSD) save valuable time? Could Windows 8 and touch screens benefit some departments such as sales?

Lastly, I will leave you with my philosophy on hardware upgrades. I suggest replacing computers on a 4 year schedule – that lets you get the maximum ROI possible. It’s important to factor in the ongoing costs of a machine. Payroll is the largest expenditure for most of us, and it’s important to maximize the return on that investment also. If a new PC could save one employee 5 minutes per day, that’s over 21 hours of capacity per year! If that employee’s burdened cost is $25/hr, that’s over $540 per year, or if that employee generates $100/hr in income, that’s $2100 per year for 5 minutes in savings. Sometimes, hanging on to that 8 year old PC that takes 15 minutes to boot is penny wise and pound foolish.