Outsourcing IT (Information Technology)

/in , /by

When in doubt, source IT out.  It’s a big topic, but there are many ways to save time, effort, and money by outsourcing some of all of your IT functions.

Often, organizations staff IT themselves using one of these techniques:

  • The part-time IT person
  • The full-time IT person
  • The IT team

The part-time IT person

Smaller organizations might assign IT tasks to an existing employee; IT becomes an add-on to that employee’s full-time job.  This arrangement might work well initially, but can creates these issues:

  • Insufficient expertise – Your employee does not have enough expertise and makes mistakes that compromise performance, reliability, and/or security.

Not much needs to be said; basic training and certifications are helpful and should be encouraged.  It might help to have an outside look periodically (an IT audit) to see if your employee is heading in the right direction and doing the right things.

  • IT takeover (makeover?) – Your employee becomes enamored with IT and does not spend enough time on their full-time job.

Often the employee spends too much time chasing IT problems; they find the challenges fascinating and spend hours pursuing issues that might be solved faster by asking for help.  (Pride might also play a part.)  This behavior takes them away from their full-time role, which they might not like as much.

It is a fine line; when should I call for help versus getting it done without engaging anyone else.

  • Skill-set range – IT requires several different skill sets:
    • High-end – Plan strategically, define security requirements, etc.
    • Mid-range – Select and support required applications.
    • Low-end – Change toner in a printer, replace a keyboard, etc.

One employee is required to perform low-level tasks, but is also expected to address high-level functions.  At the mid-level, they own organization-specific applications and provide setup, training, and problem resolution.

It is difficult to find someone who can handle the high-level functions, but is willing to do the mid or low-level tasks; conversely, someone only capable of performing the low-level tasks often cannot support the high-level needs.

Ideally, you would have people for each end of the IT-needs spectrum and all things in-between; realistically, you might consider outsourcing various aspects to supplement the skills of your part-time employee.

  • Management – Who is managing this employee?  How do they know if they are doing things correctly?  How can they be sure that the employee can handle both his/her full-time job and the part-time IT job?

The full-time IT person

Investing in a full-time IT employee is considerably better that counting on a part-time person, but some problems linger:

  • Skill-set range
  • Management

This scenario typically works best if the full-time person is high-end enough to plan strategically, but engages and manages outside assistance to deploy and maintain high-impact items like the network infrastructure.  In this fashion, the skill-set range can be supplemented while direct management is provided.  In addition, this person is always onsite to address critical needs immediately (like showing the CEO how to call-up his/her Facebook page.)

The IT team

An IT team is ideal; you can staff it with individuals who have the appropriate technical skills while providing seasoned management to keep everyone focused and productive.  This manager, who might report to a C-level executive, becomes the interface between the organization’s business requirements and their translation to the technical efforts of the team itself.

An IT team is what you get from most IT-service companies; the good ones know how they fit with their clients and have a long-term relationships with these clients.

Questions to ask an IT-service company

When you engage an IT-service company, you should receive an IT team capable of handling most, if not all, of your IT needs.

Some key questions include:

  • Do you offer features and functions that meet the needs of my organization?
  • Can you state your services and their benefits in business-oriented language?
  • Can you demonstrate dependable service at a reasonable cost?
  • Are you certified and trained in the areas you support?

An IT-service company should be a strategic partner, someone capable of guiding your future while supporting your current infrastructure.

 

For more information, please email Info@Bryley.com or call us at 978.562.6077.

Bryley Basics: More of Anna’s Windows 8 tips

/in , /by

Those of you running Windows 8 have probably experienced the new Photosapp, which opens the image in the full-screen, hiding everything else on the screen. It is really inconvenient for me, and I am guessing I am not the only one.  Here’s how to change from the default photo-views application in Windows 8, Photos, back to the Windows 7 version, Photo Viewer:

  1. Once in Desktop Mode go to the Windows Icon winIcon, right-click, and then select Search.
  1. A search bar will open; type Default Programs and then select.

 

  1. Select Set your default programs.

scnShot_1

  1. Select Windows Photo Viewer, select Set this program as default, and then click OK.

scnShot_2

You can use the same procedure to change other default programs.  If there is some type of Windows 8 default application that you are not happy with, this is the place to make those changes.

Did you miss my earlier post on how to boot Windows 8 straight to desktop mode?  If so, check it out here.

Livingstone interviewed by CEOCFO Magazine

/in /by

Gavin Livingstone, President at Bryley Systems, was interviewed by Lynne Fosse of CEOCFO Magazine, which was published in the 4/28/2014 web-edition.

Registered subscribers can see this in-depth overview of Bryley Systems by logging into the Subscriber Exclusives section at www.CEOCFOMagazine.com.  (The article resides at http://ceocfointerviews.com/CEOCFO-Members/BryleySystems14-CEOCFO-Article4.pdf.)  Or, click the button below to read the article on our website.

[su_button url=”http://www.Bryley.com/wp-content/uploads/2014/05/Bryley-CEOCFO-Interview-4-28-2014.pdf” target=”blank” style=”soft” background=”#cc0c00″ size=”5″]Read The Article Now[/su_button]

 

 

The problem with Heartbleed

/in , /by

Heartbleed is a much-publicized security flaw in the OpenSSL cryptography library; an update to this OpenSSL flaw was published on April 7th, 2014, which was (coincidentally?) the same day that the flaw was disclosed.

OpenSSL runs on secure web servers certified by trusted authorities; it is estimated that about 17% of secure web servers may be vulnerable to an attack based on the Heartbleed flaw, which could compromise the server’s private keys and end-user passwords and cookies.

Fortunately, most organizations with secure web servers have taken steps to identify and fix this flaw.  And, to date, no known exploitations of this flaw have taken place.

Unfortunately, this flaw has been around for over two years and leaves no traces; if exploited, there would be no ready evidence that anything was wrong.

At the moment, there is not much any end-user can do except to logout of any secure web server that has not been patched.  (See http://filippo.io/Heartbleed/, a site created by Italian cryptographer Filippo Valsorda, which claims that it can identify unpatched servers.)

Http://money.cnn.com/2014/04/09/technology/security/heartbleed-bug/index.html contains an informative article and video by Jose Pagliery at CNN Money.

Living with Windows XP

/in , , /by

Microsoft has officially ended general support of Windows XP, but many have not updated or replaced their Windows XP PCs.  Although we recommend against continuing to use Windows XP, particularly in any Internet-facing role, there are some steps that can be taken to reduce the risk of remaining on this platform.

The easiest, but least practical solution would be to disconnect all Windows XP PCs from the Internet or to limit their access to the Internet.  This step could exclude exposure to outside sources, but reduces the effectiveness of these PCs.

The second-most effective strategy would be to replace older versions of Internet Explorer (IE) with a supported Internet browser; replacing IE with Mozilla Firefox or Google Chrome will reduce, but not eliminate, the risk of using a Windows XP PC to browse the Internet.  (Windows XP originally released with IE 6, but most Windows XP systems are now running version 7 or 8.  The current version of IE is 11.)

Updating to Mozilla’s Firefox is easy:

Please see http://www.zdnet.com/windows-xp-support-ends-survival-tips-to-stay-safe-7000028188/ for more information from Charlie Osborn of ZDNet.  Or, visit http://www.computerworld.com/s/article/9246877/US_CERT_urges_XP_users_to_dump_IE?source=CTWNLE_nlt_pm_2014-03-11 for a similar message from Gregg Keizer of ComputerWorld.

Additional steps to reduce Windows XP risk include:

  • Disable the ability to add new applications to a Windows XP PC
  • Remove administrative rights of all Windows XP users
  • Disable ports and drives on Windows XP PCs

See the article from Toby Wolpe of ZDNet at http://www.zdnet.com/windows-xp-support-end-10-steps-to-cut-security-risks-7000028193/.

98% of mobile-device malware attacking Android (DROID) phones

/in , , , /by

Worldwide, a significant portion of the population owns and uses a smartphone;  mobile users search Google over 5.9 Billion times daily while over 6 Billion hours of YouTube are watched each month on mobile devices.  (Statistics taken from a presentation by Intel Corporation at the MOBILE World Congress 2014.)

Since most smartphones are based on Google’s Android operating system, these are the primary targets of malicious attacks.  Kaspersky Labs, a prominent anti-virus software manufacturer, reports that 98% of malware targeted at mobile devices attacks Google’s Android (DROID), which confirms “both the popularity of this mobile OS and the vulnerability of its architecture”.

Suggestions for DROID (and other smartphone) owners to suppress malware:

  • Keep your mobile phone updated with the latest patches
  • Deploy an anti-malware application

Visit http://blogs.computerworld.com/mobile-security/23577/98-mobile-malware-targets-android-platform for the entire article by Darlene Storm at ComputerWorld.

Fitness regime for your IT equipment: Keep it clean, cool, and empowered

/in , , , /by

IT (Information Technology) equipment is somewhat temperamental; it requires reasonable temperatures; stable, uninterrupted power; and some air flow to operate efficiently.  Cleanliness is important.  Here’s how to keep it toned.

IT equipment should be kept in a clean, neat, and (preferably) dust-adverse/static-resistant area; walls with painted surfaces, tiled or coated floors without carpeting, etc.  Fire-suppression equipment is a plus, but cannot be water-based.

Access should be restricted; a separate, locked room is ideal, but a closet with sufficient space and air flow can work for smaller sites.

Dust is the enemy of fans and electrical components; a reduced-dust environment and regular cleaning of equipment fans can lengthen the life of most items.  (Note: cleanings should be performed when equipment is powered-down, which is not always desirable or feasible.)

The area should have dedicated electrical circuits with sufficient amperage to match the power requirements of the equipment.  We also recommend an Uninterruptible Power Supply (UPS) for all critical items (and require them for equipment that we cover under our Comprehensive Support Program); the UPS provides emergency power when the input-power source is unavailable, but it also helps to regulate fluctuations in power, both spikes/surges (voltage overload) and brown-outs (reduction in voltage) that can damage sensitive equipment.

Cooling and humidity control are very important; most equipment runs optimally within a narrow range of temperature (64° to 81° Fahrenheit) and a maximum range of relative humidity of 60%.  HP, in an effort to be “greener”, lists current specifications on its DL360 server that provide a wider range of 50° to 90°F with 10% to 90% humidity (non-condensing).  However, cooler temperatures do make things last longer.  (The DL360 will actually throttle-back the CPU when the air-inlet sensors detect temperatures over 85°F.)

The area should have continuous air flow (to provide new, cool air while removing heated air that is exiting the equipment) and remain uncluttered to facilitate this air flow.  A dedicated A/C unit combined with a closed door is optimal; locating all equipment within a rack enclosure (with blanking panels over open areas) can enhance air flow.

TechAdvisory has 9 tips at http://techtimes.techadvisory.org/2011/11/9-steps-you-must-know-to-prevent-a-server-crash/.

How To Activate Hardware Encryption On iPhone 3GS And Later

/in /by

iPhones from 3GS and later offer hardware encryption; it is activated through the data-protection feature by enabling a passcode:

1. Tap Settings > General > Passcode.

2. Follow the prompts to create a passcode.

3. After the passcode is set, scroll down to the bottom of the screen and verify that “Data protection is enabled” is visible.

You should also encrypt your backup for added security. Check the “encrypt local backup” in iTunes if you back up to your computer. If you back up to iCloud it is automatically encrypted, but be sure you have a really good iCloud passcode.

Upcoming Event: Business Lawyers Network (BLN) February Meeting – Get into the Cloud!

/in /by

John Koenig Focused on Business Succession

Date: Tuesday, February 11, 2014 at 7:30am

Topic: “Use Cloud Services to streamline your practice while protecting yourself from external threats”

Speaker: Gavin Livingstone, President, Bryley Systems

Place: Offices of Brier & Geurden LLP, 160 Gould Street, Ste. 320, Needham, MA (Map)

OVERVIEW

Everyone is talking about, or taking to the “Cloud.” You may be asking yourself, “what is the Cloud and how can I get some for myself?” Or you’re wondering “will I and my client data be safe in the Cloud?” In this program, you will learn the hows of the Clouds, including:

• How to compare popular Cloud services.
• How secure your systems from spyware, spam, and unauthorized access.
• How to ensure the integrity of your valuable data, whether inside your office or out in the Cloud.

ABOUT THE SPEAKER

With over 30 years of experience in the computer and telecommunications industries, Gavin Livingstone has considerable knowledge of leading-edge technologies and business-productivity tools. In 1987, he founded Bryley Systems Inc., a computer-networking and maintenance firm, and has successfully steered Bryley Systems to its current size of 12 employees with over 200 clients in eastern and central Massachusetts. Mr. Livingstone is a Novell Master Certified Netware Engineer (v5), a Microsoft Certified Systems Engineer (v3.51), and a Boston College MBA.

CryptoLocker Case Study

/in , , /by

The following event depicts a real-life malware attack that infected a New England manufacturing firm. The company has chosen to share its story anonymously to help other businesses avoid a similar fate.

The unsuspecting sales rep certainly reacted in a way anyone would expect. He received an email with a voicemail attachment that looked like it came from the company CEO. When the CEO calls, reps jump to attention, and at this particular manufacturing firm based in New England, the business relies on a communication system that sends voicemails as email attachments. So the sales rep had no reason to suspect anything was wrong.

As it turns out, something was very wrong.

Click the link below to read the full article.

Bryley — CryptoLocker Remediation — 2013