
What used to be a simple inconvenience is now a fatal blow to a lot of companies. Data loss has become a critical problem in an age that revolves around information technology. One large data loss could be enough to stop a budding company in its tracks. Luckily, there are ways to reduce the risk of serious data losses. Learn the best practices for data backup and recovery your company needs to be using, including having a written recovery plan, backing up to the cloud, relying on automation, and using the right technologies. Dolce Vita IT Solutions offers Sempreon DATTO as a comprehensive data recovery solution perfect for any company.

1.     Have a Recovery Plan

 

Dolce Vita recommends making a written plan to prepare for emergencies. Everyone should know the plan and take ownership of both their day-to-day role and their role in an emergency. Establish different layers of redundancy, as well as what to do when data loss happens. Review the plan regularly to keep it up to date.

 

2.     Vary Storage Methods

 

Using multiple methods of data storage provides flexibility and redundancy. The cloud offers cost-friendly protection free from on-site risks and allows for quick recovery of information. Dolce Vita makes image-based backups, not files/folders only, tests the backups daily to make sure they restore correctly, and provides virtual machines on your network as backups, getting you back online in minutes, not hours.

 

3.     Capitalize on Automation

 

Automation provides constant protection that does not depend on anyone remembering to act. People forget to back up their data; automated processes remove that from the equation. Manual processes can miss steps, while a correctly configured automated backup will complete each step before going on. Sempreon DATTO automates the process for you, giving your administrator real-time oversight on backups both on-site and off.

 

4.     Have the Right Technology

 

Make sure you have the right technology for your company before you need it. Self-Monitoring, Analysis and Reporting Technology (SMART), for example, monitors storage drives to spot potential failures before they happen. SMART allows IT staff to back up data before the drive dies.

 

Having a plan helps everyone feel confident regarding the security and integrity of their data. Sempreon DATTO provides the solution your company needs to protect your data, keep you aware of its status, and be ready for whatever happens. Contact Dolce Vita for more information.


 

A Whitepaper by

 

Dolce Vita IT Solutions LLC

 

 

 

 

Business Continuity in Chiropractic Environments

 

June 2017


 

 

Background

 

Chiropractic environments are typically in smaller office settings and are often more cost-constrained than other medical environments.  This means that they are often subject to third-party IT and office management offers which frequently do not protect the practice’s data as well as the owners believe.  Based upon experience in assisting chiropractor offices and other small medical practice clients, some guidelines are offered for chiropractic practice owners to follow in order to limit risks to sensitive data.

  

Sources of sensitive data

The chiropractic environment has several sources of sensitive data which need to be protected, some of which are not necessarily obvious:

  • Routine patient data in chiropractic practice management software
  • Imaging data generated by x-ray or other devices
  • Fax images from other medical practices, insurance companies, etc.
  • Email relevant to patient information
  • Scanned documents such as identification, insurance cards, etc.
  • Accounting data
  • Business data and documents

 

Requirements for protecting data

Protection of data in a chiropractic environment does not differ greatly from that in other business environments.  To understand some of the risks, consider the most typical ways for data to be lost (or stolen).

  • Dumpster diving – a potential source for identity information, and very low risk
  • Corruption – if power issues ever occur and if battery backups are older than 3-4 years, this is common as workstations/servers can spontaneously shut down or be damaged by brown-outs (circuit amperage or voltage drops slightly and if not corrected by battery, damage to computers and components can occur over time)
  • Theft – any improperly secured wireless can result in unintended access to your systems
  • Theft – weak, non-existent, or old passwords on workstations, desktops which do not automatically lock after a configured inactivity period
  • Loss – patient or business data not being backed up and accidentally deleted or destroyed
  • Destruction – ransomware is a very common way for data to be destroyed
  • Loss of access – poor documentation of credentials for every aspect of the information operation

 

Requirements:

 Physical environment

  • Workstations have to be connected to the battery backup outlets on a functional uninterruptible power supply (UPS)
  • Workstations should have excellent air flow; those placed inside of cabinets must have air holes, etc. in any cabinetry to minimize damaging heat build-up, including fans in some cases.  It is best to avoid this scenario by placing workstations on CPU stands on the floor with appropriate cable management
  • Carpeted floors increase the dust in an environment, so it is important to use compressed air periodically to clean the internal components on workstations
  • Printers and other sensitive electronics must be connected to surge protectors
  • All network components such as servers, firewalls, switches, workstations, etc. must be connected to battery backup (verify they are connected to battery-protected outlets)
  • All workstations, servers, and network equipment should be in rooms which are reasonably cool (i.e. never more than 72 deg F).  Higher temperatures will result in thermal degradation of system boards, etc. over time.  Avoid any situation in which workstations or other equipment reside near floor heaters
  • Servers, backup appliances, storage appliances, and network equipment should normally be in a physically protected, locked room.
  • The building should be locked and alarmed, with an alarm service
  • Use of security cameras is recommended with specific attention to doors and windows as well as access to network storage hardware
  • Any shredded material should be destroyed by a trusted and certified destruction company

  

Firewall and Content Filtering

  • Typically it is recommended to use a hardware firewall which is a capable Unified Threat Management (UTM) appliance. 
  • UTM firewall should be licensed and configured for content filtering, gateway antivirus, antispyware, application monitoring
  • Firewall should normally be configured to block all outbound ports not required for routine business operations
  • All access from the outside for firewall configuration should be turned off…there is rarely justification to allow even trusted users to configure the firewall from outside
  • Firewall should be configured with a complex password, with account lock-out enabled (x failed attempts locks access to the device for a set time period)

It is not uncommon to find practices with residential-quality firewalls and wireless systems, without content filtering or the ability to detect malicious encrypted traffic common with ransomware exploits.  This is a situation which should be looked at closely and remediated.

 

AntiVirus and AntiSPAM

With regard to ransomware, which is one of the most prevalent risks facing businesses, there are a number of important conditions which owners should be aware of and ask about:

  • Each reputable antivirus software vendor has available technical best practices with recommended settings most likely to protect the client environment.  The owner should ask to be shown the current applicable pdf used to configure the antivirus in use.
  • Most antivirus is capable of content filtering…it is recommended that this be configured consistent with current best practices, in addition to the content filtering running on the firewall.  These settings can be easily tested.
  • Anti-SPAM is not as easy to properly configure, and SPAM is the most prevalent source of ransomware risk.  It is often recommended that anti-SPAM be cloud-based so that infections are dealt with before they ever land on the client location, and to significantly reduce email system load.  It is common for reputable systems to vet out over 75% of inbound email as originating from spammers and other blacklisted sources.
  • Anti-spam system should be configured to reject risky attachments consistent with manufacturer best practices
  • Best practices for vendors should be reviewed on at least a quarterly basis because manufacturers are continually adding features such as machine learning, etc. to their products

 

 

Backups and Business Continuity

It is generally acknowledged in the technology industry that ordinary file/folder backups are no longer adequate for business continuity.  It is essential to have a business continuity plan which includes the ability to recover not only files and folders encompassing all of their patient data, but also recovery of imaging data, documents, correspondence, accounting and business planning data, as well as recovery of email.  In addition, any critical servers or workstations should be protected at least on-site by imaging software…this allows a failed workstation to have a recent backup image used to restore to new hardware if needed.

Unfortunately it is common to see situations where the only patient data recoverable was that in the chiropractic practice management system.  This is only a portion of the data required to be recoverable.  It is the business owner’s responsibility to know where all critical data resides, verify that it is backed up, and verify that it is recoverable.

The typical storage situation in chiropractic offices includes two to five workstations, often with one designated as a "server", but which is running a workstation operating system.  In the typical case, the data which is critical is spread across a number of devices…if the patient records database is the only data being consistently backed up then there is a problem.  To simplify the storage environment it is possible to have scanned documents and other data reside on a server, network-attached storage device or other converged storage.  This can simplify the backup protocols as well, resulting in one device with critical data to be backed up. 

 

Recovery Risk Matrix

Once the storage environment is planned, then it is critically important to work with whoever provides the practice’s IT to review its highest-risk, highest probability downtime scenarios, and ensure reasonable steps are taken to protect data as well as ensure that the owner understands the timeframe for recovery of data based upon the current infrastructure.    A risk matrix is one of the most useful and dynamic methods used for business continuity planning.

It is useful at this stage to review the distinction between backups and business continuity, because the difference is exceptionally important from a cash flow perspective.  The term ‘backups’ is used to describe the fact that a copy or image of critical data is kept on separate media allowing data to be recovered in the event the original media or device is damaged, etc.  The term backup does not account for the time required to recover data. 

The term ‘business continuity’ is used to describe the practice of backing up data as an image in such a way that it is recoverable in an acceptable timeframe to minimize cash flow impact on a business.  This can be critically important and is illustrated by two recent real-world examples.

Example 1

The client is an educational institution whose primary file server failed late on a weekend due to a failure of multiple hard drives.  This required that the drives be replaced and a “bare-metal” recovery be performed to different hardware.

The data recovery for this 1.5TB server required approximately 20 hours for the backup system to complete.  The business impact extended from about 0800 Monday morning until about 4 PM Monday, and the school acknowledged no serious impact on their organization.

 

Example 2

The client is a high-tech manufacturer serving the oilfield and aviation industries.    They had a critical database server fail due to live system modifications being made by an application developer.   They had over 50 personnel as well as five 18-wheel transports idled by this data incident, at an estimated downtime cost of approximately $2500 per hour.   The business was up and running with a server image in under 30 minutes due to the business continuity system in place.  In addition, the server data was restored outside of regular business hours to minimize disruption to the client.

This illustrates the need for owners to understand recovery timeframes and their impact on cash flow.  In the chiropractic setting, it can create a significant inconvenience, but usually will not cause a significant cash flow disruption, so long as the data is recoverable.  With regards to cash flow impact it is useful to plan around the potential absence of key data for the duration of various recovery scenarios, and to at least plan for work process adjustments to accommodate this and minimize patient care impact.

 

Example Risk Matrix

A risk matrix is a basic listing of all of the significant information repositories, such as patient images, front office scans, patient records, accounting data, etc.  Each repository is rated for business impact (i.e. on a scale from 1 to 10, with 10 effectively not allowing business to be conducted or being extremely damaging).  Each repository is then rated for the likelihood of damage occurring (again, from 1 to 10).  Effectively the risk factor is:

                    Risk factor = business impact x likelihood

Of course the higher the risk factor, the more it may need to affect how that repository is protected.  Businesses should re-evaluate risk factors on at least an annual basis, and should test data recovery on at least a monthly or quarterly basis.  Our clients with major potential cash flow impacts are set up with automated testing of their backups on a daily basis.

Summary

It is important for chiropractic practice owners to be involved in the appropriate protection of their data.  Involvement in identification of all critical data sources and decision making regarding continued availability of that data will serve to reduce risk to the business and can ensure better quality of service for patients.  Making assumptions about current quality of service data protection is irresponsible and potentially dangerous for the business and for quality of care.  It is easy for business owners to feel intimidated about this process, but their IT service provider should be able to provide assistance to make this a reasonably painless process.

Lane Griffing

President

Dolce Vita IT Solutions LLC

About the author:  Dolce Vita IT Solutions is an Edmond, Oklahoma based IT consulting firm specializing in providing IT support to small and mid-sized businesses in the medical, insurance, manufacturing, banking, and other business verticals.  In business since 2002, Dolce Vita works with businesses from 2 to 500 users.  Lane can be reached at lane.griffing@dvits.net .


 

A Whitepaper by

 

 

 

Dolce Vita IT Solutions LLC

 

 

 

 

 

 

 

 

Business Continuity and Ransomware Prevention in Manufacturing Environments

 

 

 

August 2017


 

 

  

Background

 Manufacturing environments vary tremendously from the standpoint of information technology which is in use.   The technology varies from physical and virtual servers and workstations to the presence of workflow management systems including enterprise resource planning (ERP) and other exceptionally complex database systems, inventory management, and other similar systems.  The vast majority of manufacturing businesses utilize hybrid environments with some systems on-premise and others cloud-based.  By definition, virtualized environments will still contain a physical component.  Email systems also vary from on-premise email servers to systems hosted in the cloud such as Hosted Exchange and Office 365.

Yet with all of this variety the following aspects generally apply:

 

 

  • Manufacturers generally invest minimal time and effort in IT training for management and users
  • With some exceptions, manufacturers are generally slow to adopt changes to their IT systems
  • Manufacturers do a very uneven job, as do most businesses, at identifying their most critical data, and ensuring adequate resources are brought to bear to protect those resources
  • Many manufacturers have a relatively short time window to get ERP, email, and other critical information resources back into production before cash flow is seriously impacted

  

Based upon experience in assisting a wide variety of manufacturing facilities from heavy industry to medical surgical camera repair and manufacturing, some guidelines are offered for manufacturing management teams to improve awareness of ransomware, the risks it poses to information systems and cash flow, and some steps to reduce risk.

Sources of critical data

The manufacturing information environment has several sources of sensitive data which need to be protected, some of which are not necessarily obvious: cash flow, workflow, customer service, and proprietary information may be affected if the environment is compromised:

 

 

  • ERP, inventory management, and shipping systems immediately affect cash flow when they are down
  • Email systems affect workflow and customer service
  • Financial and accounting information
  • Proprietary data such as engineering, CAD, and other intellectual property
  • ISO documentation unique to the business and proprietary processes
  • Shipment information, bills of lading, and other “proof” documents
  • General business data and documents

  

Ransomware – what is it, and why all the fuss?

Businesses have been dealing with malware (malicious software) ever since the first criminal miscreants understood that they could steal someone else’s work and make a profit.  Ransomware is an exceptionally malicious subset of malware, designed to steal access to information and charge a ransom to get access back.

How do ransomware infections occur?

  

 

  • Email - In manufacturing environments phishing emails (emails designed to look authentic which contain attachments or links to infect or to direct the user to an infected website) are the single most common infection vector
  • Compromised websites – either valid websites which have been infected, or “phishing” websites designed to look authentic but which in reality carry infectious code.  The user is generally directed to these sites either by a malicious email or by ransomware-impacted search results
  • USB keys (thumb drives) – used to transfer internal data from the office to the shop floor or vice versa

  

How serious a problem is this?

A ransomware infection in the vast majority of cases starts at a user workstation, and once begun, instructs the infected workstation to inventory all data shared across the network to which the user has read/write access.  The inventory effectively prioritizes the shared data across the network based upon its perceived value (for example, financial data would probably be automatically attacked and encrypted before a repository of photos).  Left unchecked every folder and file which the infected user has read/write access to becomes encrypted and therefore inaccessible to all users on the network.  In the majority of cases the only way to recover data is to restore it from unaffected backups.

  

  • During 2016, 80 new ransomware families emerged, and by the end of 2016 recognized variants grew from 2900 to over 30,000
  • The antivirus vendor Kaspersky estimates that roughly 40% of businesses have been impacted by ransomware
  • Successful ransomware attacks result in some corporate data loss in over 50% of cases
  • According to the Trustwave Global Security Report, the ROI for ransomware perpetrators is 1425%

  

In short, ransomware is a serious problem.  The photo below shows what manufacturing users may see once ransomware has ravaged their shared network data.

  

 

 

 

Requirements for protecting data

Protection of data in a manufacturing environment does not differ greatly from that in other business environments, however the risk factors can vary greatly.   To understand some of the risks, consider the most typical ways for data to be lost.

  

  • Ransomware – one of the most prevalent risks today, can result in the loss of nearly all shared data for a business
  • Corruption – if power issues ever occur and battery backups are older than 3-4 years, data corruption is common as servers and computer equipment can spontaneously shut down or be damaged by brown-outs (circuit amperage or voltage drops slightly in the facility and if not corrected by battery backup then damage occurs)
  • Fire or water damage – power is carried at substantially higher amperages, and dependent upon the manufacturing processes in use, water or gases can be carried at high pressures, posing a higher risk than in office settings
  • Environmental damage due to heat, dust, poorly controlled humidity
  • Theft – improperly secured wireless can result in unintended access to systems
  • Theft – weak, non-existent, or old passwords on workstations, desktops which do not automatically lock after a configured inactivity period, or shared passwords used by a malicious user
  • Loss – data not being backed up and then being accidentally deleted or destroyed
  • Loss of access – poor documentation of credentials for every aspect of the information operation

 

 

Physical environment

Although the physical environment does not contribute to ransomware issues, it can contribute to loss of data due to a wide variety of factors:

  

  • The environment in which servers operate should be environmentally controlled…lack of dust control and temperature/humidity controls can shorten equipment lifespan.  Airflow is critical to the longevity of servers, workstations, and network equipment
  • Power systems – particular attention must be paid to battery backups for servers, network equipment and workstations.  Manufacturing facilities are extraordinarily unfriendly to power systems, so server battery backups must be more robust and must be designed to automate the process of shutting down all servers in the event of serious power issues
  • On shop floors, good practice is to use thin clients instead of conventional workstations as these are far more resistant to environmental issues
  • The building should be locked and alarmed, with an alarm service
  • Use of security cameras is recommended with specific attention to the location where servers and network equipment are located. 

  

Firewall and Content Filtering

  

  • Typically, it is recommended to use a hardware firewall which is a capable Unified Threat Management (UTM) appliance, with relevant content filtering and security licensing
  • The firewall vendor will have published guidance regarding the configurations and settings required to minimize ransomware risk…these are updated periodically, so settings require adjustments as the threats change
  • Firewall should normally be configured to block all outbound ports not required for routine business operations

 

Antivirus and Anti-Spam

Concerning ransomware, there are a number of important conditions which owners and business managers should be aware of:

 

  • Anti-SPAM is not necessarily easy to properly configure, and SPAM is typically the most prevalent source of ransomware risk.  It is generally recommended that anti-SPAM be cloud-based so that infections are dealt with before they ever land on the client on-premise systems, and to significantly reduce email system load.  It is common for reputable systems to vet out over 75% of inbound email as originating from spammers and other blacklisted sources.
  • Use manufacturer best practices to configure anti-SPAM systems
  • Each reputable antivirus software vendor has available technical best practices with recommended settings most likely to protect the client environment.  The management team should be confident that their protection is using these best practices
  • Most antivirus is capable of content filtering…it is recommended that this be configured consistent with current best practices, in addition to the content filtering running on the firewall.  These settings can be easily tested
  • Best practices should be reviewed on at least a quarterly basis because manufacturers are continually adding features such as machine learning, etc. to their products

  

Backups and Business Continuity

It is generally acknowledged in the technology industry that ordinary file/folder backups such as those offered by many legacy backup vendors are no longer adequate for business continuity.  It is essential to have a business continuity plan which includes the ability to recover not only files and folders encompassing all  critical data, but also recovery of operating systems, proprietary data, documents, correspondence, accounting and business planning data, as well as recovery of email.  In addition, any critical servers or workstations should be protected preferably on-site and off-site by imaging software…this allows a failed server or workstation to have a current backup image used to restore to new hardware if needed, or to completely replace the server in the event ransomware encrypts the server.

Unfortunately, it is common to see situations where the only data recoverable was that in the Enterprise Resource Planning (ERP) system or on particular devices. This may be only a portion of the data required to be recoverable.  It is the business management team’s responsibility to know where all critical data resides, verify that it is backed up, and verify that it is recoverable. As noted above the only recourse when a ransomware attack is successful is typically to restore any important data from unaffected backups.

Planning for recovery from ransomware attacks involves a detailed process to account for the systems which contain the most valuable and sensitive information and the time window required for those systems to be recovered.  This prioritization is not primarily a technical decision, but a business decision.  As the per-hour costs of downtime increase to include personnel labor costs, contract labor, non-delivery penalties, and reputation loss, the cost effectiveness of higher quality business continuity systems and prevention measures increases.

It is useful at this stage to review the distinction between backups and business continuity, because this is exceptionally important from a cash flow perspective.

The term ‘backup’ is used to describe the fact that a copy or image of critical data is kept on separate media allowing data to be recovered in the event the original media or device is damaged, etc.  The term ‘backup’ does not account for the time required to recover data.

The term ‘business continuity’ is used to describe the practice of backing up data as an image in such a way that it is recoverable in an acceptable timeframe (RTO), in a sufficiently granular fashion (RPO) to minimize cash flow impact of a negative event on a business.  Since ransomware is often a very fast-acting event, this can be critically important and is illustrated by two recent real-world examples.

 

User training

The importance of user training cannot be overstated.  While technology will handle a portion of the ransomware threat, remember the comment at the beginning of this whitepaper:  “Manufacturers generally invest minimal time and effort in IT training for management and users”.  It is crucial to bear in mind the following “rules” which impact IT with regards to ransomware:

Rule #1:  No anti-SPAM, antivirus, or content filtering technology is 100% effective

Rule #2:  No systems administrator or consultant can change Rule #1

An organization’s users are the last line of defense against malware attacks.  They must be properly trained on how to recognize ransomware threats and what to do when an attack seems to occur.  The training can be conducted by the internal IT group or the business’ IT consultants if applicable.  A user needs to know how to respond if they see a ransomware-related warning similar to the following:

 

 “A malfunction has been detected with Windows 7 / Server 2008 R2 and your IE 11.0.  Please call the number below to speak with a technician to assist you in resolving this matter.  DO NOT SHUT DOWN OR RESTART THE COMPUTER OR YOUR INFORMATION MAY BE LOST…”

  

 

Risk Matrix

In business continuity planning one of the first steps is to review the business’ highest-risk, highest probability downtime scenarios.  The next is to take reasonable steps to protect data as well as ensure that the management team understands the timeframe for recovery of data based upon the current infrastructure (the available RTO with the existing infrastructure).    A risk matrix is one of the most useful and dynamic methods used for business continuity planning.

 

Example 1

The client is an Oklahoma educational institution whose primary file server failed late on a weekend due to a failure of multiple hard drives.  The school was protected by an imaging system, but not by a business continuity appliance.  The failure required that the drives be replaced and a “bare-metal” recovery be performed to different hardware.

The data recovery for this 1.5TB server required approximately 20 hours for the backup system to complete.  The business impact extended from about 0800 Monday morning until about 4 PM Monday.

 

Example 2

The client is a high-tech manufacturer serving the oilfield and pipeline industries with approximately 50 employees.    They had a critical database server fail due to live system modifications being made by an application developer.   In addition to their personnel, they had five 18-wheel transports idled by this data incident, at an estimated downtime cost of $2500 per hour.   The business was up and running with a server recovery image in under 30 minutes due to the business continuity system in place.  The updated server data from the remainder of that day was restored outside of regular business hours to minimize disruption to the client.

This illustration of downtime helps visualize recovery timeframes and their impact on cash flow.   When considering cash flow impact it is useful to plan around the potential absence of key data for the duration of various recovery scenarios, and to at least plan for work process adjustments to minimize business impact.  Visualization, however, must go beyond the obvious cases in which the ERP system is down, or a critical file server is down.  How about email?  If it is on-premise, and it is a critical contact method for clients, then the recovery planning must give this a priority.  If the facility uses a voice over IP (VOIP) phone system which is converged with the data network, the continuity plan must be altered to properly disconnect the affected data systems from the network without affecting the voice system.  How do infected servers and workstations need to be disconnected from the network?  If this is not given consideration ahead of time, then a ransomware attack can have an even greater financial impact.

 

Planning for DR priorities with a ransomware scenario

The following is a greatly simplified chart which illustrates a means to assess risk factors.  Effectively the most critical systems are listed in the left column, initially in no particular order.  The business impact of the loss of each system is estimated in the next column (from 1 to 10), and the likelihood of the system being impacted by ransomware in the next column (from 1 to 10).  The product of those items gives a risk estimate from 1 to 100 in the last column.  The spreadsheet is then sorted based upon the calculated risk.

 

Example Risk Matrix

 

 

As noted in this simplified example, the business evaluates its key risk factors based upon experience.  The impact is based upon the assumption that data is recoverable…of course this can only be evaluated by performing scheduled test recoveries and documenting the results.  The likelihood of a particular type of data damage or loss is quite subjective.  It can be based upon experience but, in most cases, this is a judgement call based upon the experience of each business.  The risk factors shown here are a very minimal listing of those present in a manufacturing setting.  These will vary tremendously between businesses…it is critical for each management team to do their own evaluation based upon their unique situation.
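The scoring described above, worked through as an added example (not the author's chart or a Dolce Vita tool): each system gets an impact and a likelihood score from 1 to 10, the product gives the risk, and the list is sorted on it. The system names, scores, recovery hours and hourly costs are constructed sample values, and the downtime-cost column is an assumption added here to tie the ranking to the recovery timeframes discussed earlier.

```python
"""Impact x likelihood risk matrix for DR planning (added example, constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class SystemRisk:
    name: str
    impact: int            # business impact of losing the system, 1-10
    likelihood: int        # likelihood of ransomware affecting it, 1-10
    recovery_hours: float  # assumption: taken from the last documented test recovery
    cost_per_hour: float   # assumption: estimated downtime cost in dollars

    def __post_init__(self):
        # Reject scores outside the 1-10 scale so the product stays within 1-100.
        for attr in ("impact", "likelihood"):
            value = getattr(self, attr)
            if not isinstance(value, int) or not 1 <= value <= 10:
                raise ValueError(f"{self.name}: {attr} must be an integer 1-10, got {value!r}")
        if self.recovery_hours < 0 or self.cost_per_hour < 0:
            raise ValueError(f"{self.name}: recovery hours and cost must not be negative")

    @property
    def risk(self) -> int:
        """Risk estimate from 1 to 100: impact multiplied by likelihood."""
        return self.impact * self.likelihood

    @property
    def downtime_cost(self) -> float:
        """Cash-flow exposure if the system is down for the full recovery time."""
        return self.recovery_hours * self.cost_per_hour


def build_matrix(systems):
    """Sort highest risk first; ties go to the higher impact, then to the name."""
    return sorted(systems, key=lambda s: (-s.risk, -s.impact, s.name))


def render(matrix) -> str:
    """Return the sorted matrix as a plain-text table."""
    header = (f"{'System':<24}{'Impact':>7}{'Likely':>7}{'Risk':>6}"
              f"{'Recov h':>9}{'Downtime $':>12}")
    rows = [
        f"{s.name:<24}{s.impact:>7}{s.likelihood:>7}{s.risk:>6}"
        f"{s.recovery_hours:>9.1f}{s.downtime_cost:>12,.0f}"
        for s in matrix
    ]
    return "\n".join([header, "-" * len(header), *rows])


# Constructed sample inventory for a small manufacturer, initially in no
# particular order. Every value below is illustrative, not measured data.
SYSTEMS = [
    SystemRisk("ERP database server", 10, 6, 0.5, 2500.0),
    SystemRisk("Primary file server", 8, 8, 20.0, 400.0),
    SystemRisk("On-premise email", 7, 7, 4.0, 300.0),
    SystemRisk("CAD workstations", 5, 7, 6.0, 150.0),
    SystemRisk("VOIP phone system", 9, 3, 2.0, 500.0),
]

if __name__ == "__main__":
    print(render(build_matrix(SYSTEMS)))
```

Re-scoring after each test recovery keeps the recovery-hours column honest, since a server that restores slower than expected raises its downtime exposure even when its risk score is unchanged.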

Businesses should re-evaluate risk factors on at least an annual basis, and should test data recovery on a scheduled basis.  Those businesses with predicted major cash flow impacts should typically use a business continuity system which self-tests every protected server on at least a daily basis.  Changes to information systems, infrastructure, etc. should prompt the business to update their business continuity plans as needed.  These evaluations can conclude with disaster recovery tabletop drills to move the organization through a notional scenario without risking data. 

 

 

Summary

It is important for manufacturing business management teams to be involved in the appropriate protection of their data.  Involvement in identification of all critical data sources and decision making regarding continued availability of that data will serve to reduce risk to the business and can ensure better quality of service for clients.  Making assumptions about the ability to recover quickly from a successful ransomware attack is irresponsible and potentially dangerous for the business and for quality of service to customers.  It is easy for business owners to feel intimidated about this process, but their IT staff or service provider should be able to provide assistance to make this a reasonably painless process.

 

Lane Griffing

President

Dolce Vita IT Solutions LLC

About the author:  Dolce Vita IT Solutions is an Edmond, Oklahoma based IT consulting firm specializing in providing IT support to small and mid-sized businesses in medical, insurance, manufacturing, banking, and other business verticals.  In business since 2002, Dolce Vita works with businesses from 2 to 500 users.  Lane can be reached at lane.griffing@dvits.net .

 


The business impacts of ransomware

Most business users have heard of "malware" - malicious software designed to disrupt a business, cause an alteration of processes, etc.  "Ransomware" is a variant of malware which, in accordance with the name, is designed to infect a user's system (and potentially any connected networked systems) with code which either locks out access to the data, or which is capable of encrypting the subject data.  The perpetrator will attempt to blackmail the company into payment of a "ransom" to regain access to the affected data.  Ransomware is more widely known now, both because of the damage done to organizations and because these organizations were generally doing a reasonable job of protecting their systems.  Ransomware is truly an attack which relies primarily upon 1) untrained or unwary users and 2) poor information technology defenses.

Some useful links with good synopses of ransomware and methods such as CryptoLocker and CryptoWall are noted below:

https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt-the-fine-line.pdf?ClickID=cqeppqsleevifazv7nenixaskqszxpkskkz

https://www.us-cert.gov/ncas/alerts/TA14-295A

https://www.fbi.gov/news/stories/2015/january/ransomware-on-the-rise/ransomware-on-the-rise

http://money.cnn.com/2016/02/17/technology/hospital-bitcoin-ransom/?iid=EL

http://www.bbc.com/news/technology-35773058

It is worth noting that some of the recommended steps to avoid ransomware focus on software and hardware solutions...but in our experience, the most advanced defenses must be used IN CONJUNCTION WITH proper user training, awareness, and discipline.  Some of the most current advice regarding prevention is offered by Trend Micro, CERT, Sophos, and the FBI.  Interestingly, the FBI has counselled victims in the past to pay the ransom...for the most part, these companies were not going to recover their encrypted data any other way.

To prevent ransomware we strongly recommend the following:

  1. Businesses must train users about the risks of ransomware, what vectors are used to distribute it, and how to respond
  2. Critical systems must be backed up using image-based backups on an hourly or multi-hourly basis
  3. Windows Updates on servers and workstations must be centrally managed and as up-to-date as possible...weekly reporting should reflect any deficiencies
  4. Businesses should use at least one type of content filtering to filter (and report on) web usage of all types, and be set to block malicious content consistent with best practices
  5. Anti-SPAM should be configured consistent with manufacturers' best practices...these change and should be reviewed at least monthly for configuration changes
  6. Antivirus must be up-to-date, cover ALL devices which are capable of accessing server-based data or other shared data of any type, and configured according to the latest best practices
  7. An organization's IT group must have DR design which accounts for the response scenarios involved with ransomware
  8. Be flexible and understand this threat is changing continuously...adjustments to configurations will be required

Our clients have had such a good experience with Windows 7 that Windows 8 and 10 would seem on the surface to have limited appeal

Our client inventory of over 1500 workstations reflects that well over 50% are currently running Windows 7, and that these run on both physical workstations and virtual desktop infrastructure.  Out of the 1500 are a few XP workstations, unbelievably...these run non-critical workloads such as postal machines, etc.  But as with all businesses, it is important to keep not only hardware but also operating systems refreshed and up to date.  Two factors have prevailed in businesses deciding to remain with Windows 7...user comfort factor, and the fact that the hardware was still functioning without issues.

Anyone who has worked with Windows 8 knows that navigation and functionality are a substantial change from Windows 7.  In fact Windows 10 is somewhat more like Windows 7 in terms of navigation...however it does require adjustment.   Whether users are comfortable with upgrading is no longer really a factor.  Microsoft is retiring mainline support for Windows 7 in 2016/2017.  This creates difficulties in the event of complex support requirements with databases etc. to which Windows 7 devices are client machines.

What are the key features in Windows 10?  Check it out!

http://www.cnet.com/videos/best-windows-10-features/

https://www.youtube.com/watch?v=cVUv_gOKQ_g

https://www.youtube.com/watch?v=FZqKyhfD7-E

By most client accounts, Windows 10 is an operating system which Microsoft has gotten right.  Although early adoption within large enterprises will be slow, this is primarily due to the fact that outside of touchscreen technology, 7 does what enterprises need it to do, mainly to conduct business in a rock-solid fashion.  As touch-screen becomes a more common request from enterprise users, adoption of 10 will likely accelerate rapidly.

If you have questions about Windows 8 or Windows 10 deployment feel free to call us at 405-822-7912 or email support@dvits.net .


How does IT infrastructure have an impact on SMBs?

The fact is that most small and mid-sized businesses tend to wait until exceptionally painful problems occur to look into this.  Our experience has been that if IT infrastructure is correctly planned from the beginning with adequate investment, it reduces recurring problems and costs.  Here are some typical examples:

Physical Environment

Temperature / Humidity / Dust - Computers and electronics have a range of comfort which requires cool airflow (to prevent overheating), and moderate humidity levels (approximately 25%-40% humidity).  This electronics "comfort zone" is not all that different than a normal office environment. This means that small airless closets or rooms without controlled air conditioning will promote heat build-up and early equipment failure.  Enclosed small spaces with poor airflow tend to have wide and very sudden swings in temperature and humidity which result in electronics damage relatively quickly. 

  • Air-conditioning and good airflow are a requirement
  • During cold weather it is imperative to avoid having under-desk space heaters blowing on or being near workstations...feeding hot dry air into workstation air intakes promotes static discharge and electronics damage as well as overheating
  • Avoid small spaces if possible
  • If expensive or sensitive equipment (i.e. switches, firewalls, servers, computers) is in use, ensure it is monitored with a network environment probe...the $400 or so may save many thousands of dollars as a result of equipment damage (see our managed services case histories for examples)
  • On at least a semi-annual basis, shut down workstations and use compressed air to clean out all fans and boards and to clean off cards
  • For environments where workstations must be in dusty or hot environments, it is worthwhile to consider the use of virtual desktops so that the user devices do not use fans and hard drives...it results in significant cost savings

Rack-mounting - in small- and mid-sized businesses with one or two servers it is common to see tower-type chassis which can rest on the floor like a workstation.  With our clients, either large or small, we universally recommend rack-mounted servers.

  • rack-mounted chassis do NOT require tall 7 ft. racks, in smaller installations we use short 3-4 ft portable 4-post racks costing less than $500.  These can easily hold 2-4 servers.
  • this gets the equipment off the floor which minimizes the potential for water damage
  • in a rack of any type, we provide servers with faceplates (bezels) to prevent unintentional contact with power switches or drive bay latches - this alone can save thousands of dollars in recovery effort by preventing accidentally ejected drives
  • A rack-mounted server will have better-protected power cables and network cables
  • servicing rack-mounted equipment is easier and safer

Physical Access - needless to say, all servers and other core network equipment should be in secure areas.  Leaving these available to general access can lead to significant operating problems.

  •  Using a changeable combination lock or electronic keypad ($200 and up) provides better and more flexible security than keyed locks for server rooms
  • Ensure only authorized users have access if possible
  • Using a server bezel (faceplate) protects server drives and power/reset buttons, especially in close quarters
  • Using an inexpensive network camera in the server room or other sensitive areas which can detect motion and log access can be helpful in deterring unwanted access to equipment

 

Power Environment

Power - All geographic areas are subject to power fluctuations.  Most business owners don't realize that these fluctuations are passed on to the processors of their unprotected IT equipment resulting in long-term damage and early equipment replacement.  Surge suppressors will NOT fulfill this purpose.

  • All servers, workstations, routers, cable/DSL modems, firewalls, switches, wireless access points need to be powered from battery backup
  • All switches, even small 4 or 5-port switches need UPS protection...otherwise power fluctuations still travel the network
  • Printers can normally be powered by a surge suppressor, but verify this from the manual. 
  • If multiple wireless access points are to be placed, ensure the core switch for the facility supports power over Ethernet (PoE), and ensure the WAPs support PoE.  This ensures that the WAPs are powered from conditioned power (the switch), and it allows the facility to run without awkward power connections.
  • Ensure that servers are powered by uninterruptible power supplies (UPS) which can perform remote shutdown of multiple servers.  Especially in the mid-continent it is not at all unusual for outages to far outlast battery backups.

 

Storage Infrastructure

 Storage Area Networks and Network Attached Storage

These should be treated with the same care as any other server, as these include processors, fans, and arrays of disk drives

  • Normally multiple power supplies are available
  • These are used to either fully or partially relieve servers of the stresses of storage of critical data (virtualized storage)
  • SANs and NAS are also used to host virtualization storage
  • Units such as DROBO (Data Robotics) and EMC devices are extremely tolerant of unclean shutdowns due to power loss.  However, most of these units can be configured to be automatically shut down correctly by the power environment

We frequently get the question: "We've been thinking about moving our IT to 'The Cloud'...does this make sense?"

The response typically is "it depends".

It is exceptionally rare that moving all key IT infrastructure to the cloud is logical or cost-effective.  The vast majority of cloud implementations are actually hybrid systems with some infrastructure and processes remaining onsite and some offsite.

Let's talk about what "The Cloud" or "cloud-based" refers to.  Typically this means that rather than having the particular infrastructure for a system onsite, it exists across the internet at another location.  The services are available to users, but if they asked to see the equipment you would not be able to show them because it's in "The Cloud" (the internet).

Cloud-based infrastructure has been around for many, many years.  Compuserve (bet you haven't heard that in a long time), AOL and Hotmail are examples of cloud-based services.  Outside of email, however, let's consider placing highly critical business processes in the cloud.  What would we be looking for which would make this an attractive option?

  • Cost - actually, no...cloud-based infrastructure is almost universally more expensive in terms of cost of ownership than in-house owned equipment when you look over time
  • Reduced management costs - this depends upon what is being cloud-based...if you are looking at Quickbooks Online you won't have to manage upgrades or manage the server on which it resides.  If you are cloud-basing a database server, you are typically still responsible for all management, backup, upgrades, etc.  In other words your IT management costs likely do not drop in this case.
  • Available from anywhere on the Internet - of course
  • Redundancy - part of the objective of critical cloud-based infrastructure is that redundancy should always be part of the deal.  Part of the premium which you pay should be that the system is always up, highly available
  • Investment is low - initial acquisition cost is extremely low, especially in comparison with building your own redundancy.
  • Someone else is handling the hardware and software upgrades, and in a way which prevents or minimizes downtime for your organization.

So what are some key ways that SMBs can use "The Cloud" to reduce their risk?  Dolce Vita has managed migrations to cloud environments for:

  • Accounting - moved clients from on-premise versions of accounting packages to cloud-based installations or to online versions
  • Specialized database servers - migrations of SQL servers from on-premise to either hosted servers or other cloud-based redundant environments - this was done in part due to environmental concerns for server equipment or because uptime was sufficiently important to require redundancy
  • Email - We have used hosted Exchange and hosted Sharepoint for our in-house email and have migrated clients to cloud-based email because of the critical nature of this for our businesses.  Having a server cluster for $10-12/month is a GREAT deal!
  • Business-specific critical databases such as client relationship management (CRM) or ERP - such as Autotask, Salesforce, etc.
  • Hosted VOIP phone systems - we use a cloud-based VOIP system without issues or regrets.  VOIP is very demanding in terms of infrastructure so it isn't necessarily for everyone.

What are the key "gotchas" for cloud-based infrastructure?

  • Solid, redundant internet connection - if your critical process is cloud-based, and "The Cloud" has dried up and blown away what are you left with?  Typically a "Going out of Business" sign.
  • Use it mainly for processes requiring redundancy, typically we don't accept non-redundant services
  • Be sure to understand who is responsible for server or system management including system and database backups
  • For email systems, be sure you understand the costs and limitations of backups and archiving - in a legal action requiring discovery, the onus is ALWAYS on the business, not on the provider, to ensure email archiving is working and usable.
  • For any cloud-based VOIP infrastructure ensure that all internal IT issues such as bandwidth, traffic shaping, switching, and quality of service (QOS) are addressed, and be certain that at least a limited non-production test is done to ensure your environment will support VOIP adequately.

Call Dolce Vita today to talk about cloud based systems and to see whether this makes sense for your business.  We can promise answers, but not "smoke".


Malware can be a problem for any business...causing slow workstations and slow access to data for users. 

Dolce Vita has worked with organizations from small non-profits to mid-sized banks and hospitals to reduce their risk and susceptibility to malware and SPAM.  Through an understanding of key risk factors for a client business DVITS designs and manages the means to reduce these risk factors.

User education is the most effective means to reduce risks...if users gain an appreciation of the costs of malware to the organization, and if they are encouraged to accept some ownership and responsibility this is a key step.  Using a firewall which is capable of real-time website filtering based upon organizational policy is effective as is weekly reporting of all website traffic trends for the organization.

DVITS is a strong proponent of cloud-based anti-SPAM filtering and uses this technology to minimize the processing load on mail servers.  This also reduces risk to the organization by keeping malicious emails from ever reaching the mail server.

As with all security measures, the network admin should be able to see a console or receive detailed reports on centralized results of these measures.  Detailed reports allow the admin to take specific actions to eliminate problems before they impact the organization.

Posted by on in Managed Services

How can organizations use managed services to control their IT costs?

Remote Monitoring and Management - Remote monitoring and management (RMM) services provide 24/7 tracking of server and workstation performance, and tracking of events critical to correct functioning of the network.  Critical services which stop or hard drive problems are reported on and even automatically corrected.  Software can be scheduled for automatic installation and regular maintenance tasks can be automated.

For organizations which have their own IT staff, Sempreon provides alerting and reporting on the network environment which is an enormously important task removed from their already full plate.  The IT staff can use Sempreon's integrated helpdesk functions to have users submit tech-related tickets and use the system to track their own remediation work, or they can escalate the ticket to DVITS for resolution.  By using Sempreon for larger organizations the hardware and software inventory as well as licensing and warranty renewals is automatically tracked and tickets can be tied to this inventory.  Sempreon allows chronic issues to be identified and eliminated.  This of course drives downtime lower and keeps your staff productive!

For organizations which do not have in-house IT, or who choose to use a staff member to handle IT as an additional duty (lucky person, that is!) Sempreon makes it possible to be alerted of significant issues and to have an exceptionally experienced resource to assist with anything from helpdesk issues to project planning.  Since Sempreon allows repetitive issues to be identified, a solution can be prioritized and planned meaning that staff can focus on their core mission for the business instead of handling tech issues.

The objective behind Sempreon RMM is to prevent problems early instead of waiting for issues to affect users. Sempreon allows DVITS to effectively act as an outsourced CIO and IT shop, with the ability to remote into a user's desktop within minutes...over 95% of our network management is handled remotely resulting in lower IT costs and higher technology reliability.  This can make any business more profitable!

Hosted Exchange Email - The key advantages to hosted email are the presence of redundant server services, simplified archiving, and reduction in management tasks.  Using Hosted Exchange 2010 for our clients has reduced hassles and provides great mobile services.  The archiving features have come in handy when clients have accidentally deleted critical email or folders. 

Sempreon DATTO Business Continuity - being able to automate the entire disaster recovery process is a huge load off any admin's shoulders, and it is an even bigger load off management's.  Our DATTO system allows for local appliance-based image backups of servers and workstations with local recovery of either data or an entire server in under 15 minutes.  In the event of a local disaster, within about 1 hour we can make the client's protected servers available from an offsite datacenter.

 

Call Dolce Vita today to schedule a cost-free in-house demo of Sempreon RMM.

 
