Desktop and Server Offsite Cloud Backup

Customers new or existing should always have two layers of backup protection

The first layer is always an onsite copy of company data which allows for a speedy overnight backup to local disk over a high-speed network which gives you the value of speedy restores of large data chunks if needed ( e.g. a Ransomware attack ) 

The next layer of backup is to always have an offsite backup, so in the event of a disaster such as a building fire, theft or flooding, the servers could be fully restored when the backups are brought back to the new site with replacement hardware. Around 5 years ago when the average internet upload was around 1mb/s transferring 0.41 Gig / Hour, and cloud storage was more expensive , our customers utilised offsite copies using Tapes and Hard Drives.

However now thanks to new Fibre connections to UK Business which can delivery 100mb UP and Down, with unlimited plans, the offsite backup can now go straight to the cloud instead of worrying about the administration of changing Tapes and failure of External Hard Drives due to lots of motion.

At Response IT we utilize two main Cloud Services to provide our customers with always on restores and limit the administration of backups.

Veaam Cloud Connect for Virtual Backups

  • Integrates into VMware and existing Veeam Infrastructure
  • Item Level restores of Applications such as Exchange, SQL and Active Directory and Individual Files
  • Restore whole virtual machines ( If a virus hits a server you can restore everything in a short space of time without hunting down the infected files )
  • Automated Restore tests ( Servers get booted up weekly automatically to check everything is working as expected )
  • Inbuilt Encryption and Compression

CrashPlan for Desktop and Physical server Backups

  • File Level Block by Block copies which backs up data as soon as you change it. This gives long 30 day restores from a self managed web interface
  • Backs up Remote User laptops straight to the cloud without them needing to be in the office
  • Weekly Reports straight to site managers to check what's been backed up and what hasn't
  • License included in the CrashPlan Backup Subscription
  • Inbuilt Encryption and Compression

Both of these services utilize Datacenters with Gigabit internet connections with the availability of getting data copied to Hard drives for immediate restores in disaster.

 

Is USB a Risk or a Benefit now to Small Business'?

With the recent introduction of a 5$ device reported by the BBC http://www.bbc.com/news/technology-38012699 socalled "Poison Tap" which can be used to steal all Web Browser Passwords with Cookies in the matter of seconds, is the invention of USB a benefit or hindrance on business' now?

The risk of Data loss for business with removable media has always been a risk, since CD Copying drives were cheap enough to install on all desktops. This could be restricted with not installing a CD copying app back in the day and also copying company data at 600mb at a time using a 32x Speed writer blaring across the office wasn't the easiest way to go unnoticed!

Plug and play was a great new way for devices to plug in and go with windows without the need for manual driver installation and setting up devices. This technology meant users could even install Printers themselves! Now with the invention and scaling of flash storage, Finger sized USB's sticks getting above 256GB copied over USB3 at 300MB/s the risk is more apparent of data loss using this great technology.

Software is available for business' to start logging and monitoring items being copied over USB now which can be apparently often with people leaving firms decide to copy confidential company property and previous work owned by the company. This information is invaluable for any company seeking legal action against a company or individual.

Some companies have choosen an all out policy to save money which restricts USB ports on the computer entirely, much to the dismay of the workforce who want to keep their smart phones charged using the front USB ports! 

With the new threat now of USB sticks emulating Network adapters stealing password via network traffic, new systems will have to be put in place now to require user intervention when installing USB Devices!

Why not to use a free Anti Virus for Small Business'

There are lots of Free Antivirus out there e.g. Microsoft Security Essentials and AVG, so why should your business not use these to save money?

A very good question we can answer

Lack of centralized management

When managing over five computers you want to know what machines are up-to-date, What machines have had infections and where these are, and what machines have their AV enabled. This is the best way to mitigate a wide spread infection especially with Ransomware , where the last line of defense is disconnecting a computer from the network .

Licensing 

A favorite of ours for our home users is Microsoft Security Essentials. It's great on detections and it just works , howver it is for "home" users. Microsoft actually do not allow this for use in businesses for over ten devices. https://support.microsoft.com/en-us/help/13752/windows-security-essentials-eula

Free? 

 

Free Antivirus such as Panda Free and Avast Free make money from you by installing third party applications during install and also changing your default search engine and home page so they can monitor your browsing history and target adverts at you. AVG will also notify the user with deals to upgrade to professional version which waste's time.

 

Why to have a guest Wifi For Small Business

A sperate guest wifi network for your visitors and contractors can be massive benefit to the company and here are some great reasons:

1) Segregrates your guests from your main company network. This is one of the main reasons to perform this segregation which leads to an instant increase security and privacy of confidential company data. 

2) Limit and restrict access. If guests athenticate with the guest networking using a shared password or an individual user account , these can be changed without affecting your existing workforce's connection. Access can be limited to a specific timeline for example a week , day or month automatically.

3) Marketing. One of our event companies has used the offer of free wifi to guests as a marketing opportunity where guests are asked to like the company socially. User's signing up to the wifi service accept the terms and conditions for their details to be saved by the company which can then be used to market leads or services using newsletters.

4) Auditing. As you will be providing internet access to an individual through your connection you will liable for whatever they use this for. This Access can also be controlled in regards to what is allowed on the guest network , for example disabling streaming or Netflix as well as enforcing a Web Filter for safe browsing.

 

Spear Phishing what is it and how to protect yourself from it

As techtarget.com puts it : 

Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain

How is this done

We have seen a few cases of this usually in the following order :

1) Attacker uses publically available resources e.g. Social Sites , company websites to get a name and email for a financial controller as well as the managing director of the company

2) Attacker uses a third party email server to fake [email protected] email and sends the below email to [email protected]. Attacker could also try emailing from [email protected] ( notice the ltd the end! ) 

Hey financecontrollername,
I'm in the middle of a meeting , not available on the cell phone , but need this actioned NOW please transfer $$$$$ to this bank account let me know when done
managingdirectorname

Attacker also tries to send emails to financecontrollername saying 'Hey are you there ?'

3) financecontrollername sends the money and emails managingdirectorname when done , only to find out managingdirectorname never asked for this transfer

How to protect yourself from this

1) Careful what information you have publically available such as emails as it can be used against you. Also be careful emailing people you don't know , the attacker copies your signature to validate the email as best as possible

2) Get your IT provider to use SPF Records along with DKIM records to either put all the emails from your organisation that are from unknown senders into SPAM , or mark the Subject as SPAM so the end user knows to be wary. This can be done with Spam Filters and Exchange

3) Financial Controllers should always speak to MD's when unsure of moving money around , better to be safe than sorry as they say!

If you have already been effected

Speak to your local Police by dialling 101, and report it.

Speak to your bank, there is a 24 hour window where bank transfers can be halted, speak to them as soon as possible

Office 365 local UK datacenters now available for complete UK Data residency

Data residency refers to the physical or geographic location of an organization's data or information. Similar to data sovereignty, data residency also refers to the legal or regulatory requirements imposed on data based on the country or region in which it resides.

This will now help address renewed concerns from UK business around data sovereignty and privacy, particularly in the wake of the European High Court's recent decision to scrap the Safe Harbour agreement

However with the fallout from Brexit it is still unclear what agreements the UK will keep from the EU in regards to these, and it pleasing to see, Microsoft (as well as Amazon) are stilling launching their UK Datacenters

Industries effect the most by Data residency

  • Finance 
  • Legal
  • Defense
  • Government 

Microsoft’s “How to request your data move” page is clear that for UK customers the request period begins on 1 December 2016 and ends on 28 February 2017, the actual migration of the data can take up to 2 years

Top 5 Free Security Recomendations for our new and existing customers!

Be careful where you enter your username and password

There is a well-known attack on the internet called Phishing where attackers email you an email which is EXACTLY like an email your bank would send you or paypal asking you to login to your account for various reasons such as Unclaimed Tax , A security problem or a problem. When you click on the link you sign in , but unknowingly to you , you it has just sent your username and password to the attacker.

Make sure when you click on an email you are actually going to www.gmail.com if logging into email and not www.g-mail.com. 

Use Open ID / OAuth where you can

Open ID is a methodology of using a third party to authenticate yourself with for another website. For Example recently as Dropbox got hacked and their User Database leaked you can now sign into Dropbox with your Google Account. The two other main accounts you usually find are authenticating with your Facebook / Twitter account. These are GIANT organisations who invest heavily in layered security to make sure their User Databases will never get breached, as well as monitoring your behaviour to detect suspicious logins from new countries and asking for extra verification.

This enables you, just having to worry about securing your facebook/google account with a long and secure password instead of multiple accounts and it also enables Startups like dropbox to outsource it's user's security.

Use a password manager which will allow you to have a different password for each website

Most web browsers will come with one of these for free ( which save your Username and Passwords ). This enables you to have a separate random password for each site so if one does get hacked , you don't have to worry about the attacker having the same password for all your other sites.

Enable Two Factor Authentication on accounts where you can

Nowadays a 13 Character password with Uppercase , Lowercase , Digits and Symbols is still not strong enough to be compromised. Passwords get stolen in a variety of methods so you need an extra layer which changes all the time. This is something called 2 Factor Authentication and its usually done on your mobile device, so when you login you are asked for a Key which can be generated from your phone or SMSed to you. 

Sign up to https://haveibeenpwned.com/

https://haveibeenpwned.com/

When you sign up to a third party website such as LinkedIn and Dropbox , you usually sign up with a username and password that is generic across your other logins such as your email and bank accounts ... right? This is usually due to one password being hard to remember. Unfortunately sometimes these sites get hacked and the attacker downloads the whole website and can get these details. They then use these details for example to login to Paypal and send themselves money!

Signing up to this site means as soon as one of these sites gets hacked and released to the public , you get alerted so you can change all your passwords

Be careful for Spear Phishing

We will be covering this in more detail in a specific post , however briefly, Spear Phising is an email that appears to be from an individual or business that you know. But it isn't. It's from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC. There are numerous ways this can be blocked which we do for our existing customers , however when handing over information via email especially financial transfers always double check with phone calls!

What is a MSP ( Managed Service Provider ) and why does your business need one?

MSP (Managed Service Provider ) Brief definition : Is a company that provides your company with IT Services such as Network Administrator, Server Management, Desktop and  IT Support

Here are the main Services that Managed Service Providers in Surrey, such as Response IT Provide

IT Helpdesk

This is probably the most important one that you think of when you need IT. Which is the speedy resolution of a problem with your Phone , Computer , Printer or Email! We operate a layered team of technical people who await your problem and will stay with you until we fix it or find someone who can! We use tools such as an IT Ticketing System to log calls so we can monitor call volumes from companies analyse ongoing problems so we can fix them instead of them reoccurring as well as providing training where needed.

This part of the organization is also responsible for looking at ongoing problems users face and recommending new software and hardware for the organization like server and computer upgrades or a new piece of software to speed up users existing work. These recommendations turn into Projects and are managed through the same ticketing system.
 

RMM (Remote Monitoring and Management)

This is a service we provide which you don't get to speak to as much as the IT helpdesk, but it's very important to the continued running of your IT System. We have monitoring tools to check that your system is running fine with regards to servers being alive , internet connection staying up and not being heavily utilised and also everything is up-to-date. This enables us to fix problems before you even know about it!

We have a dedicated NOC (Network Operations Center) who are solely responsible for the task of remote management. This team also help us to automate tasks such as rolling out Security Updates and Software , performing a SAM Audit of your network to check Licensing compliance and check of backups which brings us onto the subject below!

Backup and Disaster

Another big one that happens behind the scenes and is very important with new threats we are seeing such as 

  •     User Error

  •     Natural Disasters

  •     Hardware Failures

  •     Cybercrime

  •     Insider Threats

We provide services which can give you multi-layers of backups which can protect you from any of the above and enable you to recover for accidental deletions , virus outbreaks which cannot be recovered from ( such as Cryptolocker ! ) as well a Disaster Recovery solution where in the worst case the core of your business still runs to avoid and loss of business

 

Why do you need one of these?

All the above main services are there to keep your IT Infrastructure running which enables you to keep running your business without interruption. Downtime of an IT System is an unexpected cost which gets overlooked but costs the company by :

  • Employees not being able to work ( Waste of salary / time cost )
  • Existing customers not being able to contact you to either create new business or continue existing
  • New Customers not being able to contact you and going to a competitor
  • Loss of Data - The re-doing of existing work or permanent loss of a customer

Going with an MSP gives you access to a broad range of skillsets with our unique experts which enables speedy resolutions of problems if/when they happen and a plan to mitigate these in the future

 

Major British Telecom Outage - October 2016

We are seeing and this has been confirmed, that there is a current outage with BT Broadband at the moment

http://downdetector.co.uk/problems/bt-british-telecom

You can find the BT Service Status page here : https://btbusiness.custhelp.com/app/service_status/

BT actually cannot be blamed for this fault however it does point to their system needing more resilience!

Openreach have confirmed a major cable break in this area caused by a contractor working on behalf of a third party, unconnected to Openreach or BT. Specialist equipment is due to arrive onsite at 04:00 on 22/10/2016 to begin full restoration of services

Customers with Draytek Routers can failover to their 4G Wireless Dongles until the problem is fixed. Please speak to us if you would like information on getting one of these setup at your company.

What brexit means for UK IT Hardware and Software Costs ?

Brexit has dropped the price of the GBP against the USD to a 31 year low. The United States  is where most hardware and software comes from so this has direct ramifications now on costs in the UK

Time Line 

Dell increases prices by 10% - 6th July

We carefully consider price moves for our customers and partners, and have worked diligently over the past several months to postpone any increases pending the outcome of the EU referendum.”
Our component costs are priced in US dollars and unfortunately, the recent strengthening of the US dollar versus sterling and other currencies in the EMEA region, following the UK’s decision to leave the European Union, will have a direct impact on the price we sell to our UK customers and partners.”

ASUS increase prices by 9% - 19th July

“Unfortunately we are unable to continue to sustain the losses caused by a weaker pound any further, and therefore have no choice to but increase the cost of goods to our partners in line with the value of the pound.”
“This will affect majority of goods shipping from our factory for delivery in Q4 2016. We anticipate this impacting end-customers with an increase on the SRP of around nine per cent on our devices from October onwards.”

HP Prices up by 10% - 1st Augusut

"In order to maintain a sustainable and consistent approach to our operation in the UK and Ireland, we have taken the decision to make some adjustments to our channel-supported and directly-contracted end-user pricing strategy.
"Effective from 1 August, we will be implementing an adjustment of circa 10% across HP's Personal Systems portfolio."

Apple increases prices between 11% and 15% - 7th September

"Apple suggests product prices internationally on the basis of several factors, including currency exchange rates, local import laws, business practices, taxes, and the cost of doing business. These factors vary from region to region and over time, such that international prices are not always comparable to US suggested retail prices.”

 

 

Microsoft increase prices up to 22% - 21st October

https://blogs.technet.microsoft.com/uktechnet/2016/10/21/important-volume-licensing-update/

Effective January 1, 2017, we will be increasing British pound pricing to harmonise prices for enterprise software

 

 

Our recommendation to our new and existing customers would be to make sure they take advantages of the prices before the increase and try and purchase equipment for any supplier who hasn't already increased their prices!

Contact us today here for a same day quote on Hardware and Software!

Failing to connect to your VPN using Virgin Media?

This is a common issue for users of Virgin Media SuperHubs

When setting up a VPN, you can run into quite a few problems like what authentication it needs, which password do you use. If you are using a Virgin Media SuperHub you have the added challenge that by default your speedy SuperHub will block outgoing VPN traffic meaning that with all the correct details it just doesn't work. To fix this, just follow the below steps:

  • Browse to your SuperHub's IP Address (e.g. 192.168.0.1) and log in
  • Select "Advanced Settings" and click "Yes" to confirm you want to view these
  • Select "Firewall" from the list 
  • Tick "IPSec Pass-Through", "PPTP Pass-Through" and "Multicast Pass-Through" at the bottom of the page
  • Click "Yes" to confirm settings change
  • Try to connect your VPN again.

This allows the traffic through for VPN authentication and should now allow your VPN to connect as normal.

 

 

Huge rise in hack attacks as cyber-criminals target small businesses

Cybercrime attacks ALL. It is down to user knowledge to avoid the potholes of dangerous emails, and websites that sometimes appear too good to be true! Downloads, attachments and erroneous surfing all can prove fateful, as in this Case Study, from The Guardian, reports.

Response IT have dealt with over a dozen client instances of cybercrime, and its on the rise. The more data you can move to the cloud, the safer you will be. The alternative being if you have a local server, make sure it is backed up regularly - like nightly! Don't get caught out, as this type of malware will encrypt all your network shared data, quicker than you can detect it!

Please take the time to read this article...written in February this year but still current today.

Article: http://tinyurl.com/hxufszf

 

Could you be sending your firm's cash to fraudsters?

Unfortunately we have seen some of our clients caught out by this scam. A simple email, costing the organisation £1000s, all done in a keystroke.

Please do take a look at this article and instruct your staff to always speak to an email sender, personally, to authenticate the request before making this mistake.

Article: http://tinyurl.com/hltt8jx

Great Feedback from Existing Customers

Here's some feedback some of our customers have emailed through this week out of the blue!

“Thank you for your help. I want to tell you guys how comforting it is to have great support even for the simple questions so I can concentrate on my job vs software.”
“Pleasure to work with as all your guys are and it has been a breeze to get this up and running compared with other companies who have quoted ridiculous sums of money and are hard to work with, so thanks again”

 

We really appreciate the kind words, and of course will keep up the great service!