KnowBe4 Offers to Pay your Crypto-Ransom if You Get Hit

In an impressively confident offer, the Internet Security training firm KnowBe4 has offered to pay the Crypto-Ransom if an organization that completes its user training subsequently gets hit by ransomware such as CrytoLocker, CryptoDefense, or CryptoBit.

Said Stu Sjouwerman, founder and CEO of KnowBe4, “We are so confident our training works, we’ll pay your ransom in Bitcoin if you get hit with ransomware while you are a customer.”

It’s refreshing to see a training company that’s so confident in its product and methodology that they’re willing to offer such a guarantee.

You can get more information at the KnowBe4 website  

 


 

 

“Incoming Fax Report” Scam

Here’s another scam to alert your users to watch for.

You receive an email with a subject line similar to ‘INCOMING FAX REPORT: Remote ID: xxx-xxx-xxxx’.

The message body includes some fax-like info including data/time, speed, connection time, pages, etc. It then includes the statement “Please use the following link to download your file:“.

The link provided will take you to a page that will infect your computer with spyware/malware.

Spam filters can’t block these types of messages – you have to rely on educating your users to the threat and reminding them to stop and think.

Everyone stay safe out there!


 

‘This Damaging Report Concerns You’ Scam

We’re all concerned about what info might be online about us, so this latest scam is sure to snag a few unsuspecting victims. Here’s how it works.

The bad guys send you an email with a subject line similar to this: “{username from your email address} this damaging report concerns you“. The message body typically has a reference to ‘damaging information leaked’ and the date and your email name again. There’s also a ‘record’ number and an admonition ‘Don’t let your reputation be ruined because of this published report

There are usually a couple of links – we’ve seen several to the naricbide.com domain which is a hacked system in Connecticut.

Clicking on the links infects your computer with keylogging malware designed to steal your data.

Antivirus and anti-malware software can’t stop these types of attacks so the key again is to educate your users. Always be suspicious of email messages received from a sender you don’t know, and if the message threatens you with something if you don’t act, it’s probably bogus.

Everyone be safe out there!


 

Use Craigslist to Hire? Read this Alert

You probably already know about CryptoLocker – the malware that encrypts everything on your local hard disk and then demands you pay from $500 – $1,000 or you’ll never see it again. Well now there’s a new threat and it comes into your organization in  way that greatly increases the chance of it successfully attacking your business.

The bad guys now search through Craigslist looking for companies advertising for help. They then send in an email response with an attached ‘resume’. The person in HR opens the attachment and boom, they’ve just infected the network with CryptoLocker.

What makes this doubly concerning is that typically the person in HR – or maybe even the business owner if its a small company – is the one looking at these resumes and they have a high level of access to files and data. This means that the potential damage can be much worse than for a lower level employee.

What can you do to protect your network? Employ some security ‘best practices’ such as removing certain attachments from email messages, restricting users ability to install software, maintaining robust web and email filtering, implementing and testing comprehensive backups and restores, and encrypting your sensitive data. But most important is to educate and train your users. As our friends at Cyberheist News are fond of saying, “Your weakest point in any security model is the person who touches the keyboard.”


 

MicroData Named to mspmentor.net Top 100

We’re pleased to announce that we’ve been recognized by mspmentor.net as one of the Top 100 Small Managed Service Providers in the U.S, as reviewed in the March 2014 issue of mspmentor.net!

Read the press release here.

Sony’s New 185 TB Tape Cartridges

Sony has just announced that it has developed a new technology that permits 185TB tape cartridges – that’s more than 5 times the current highest density.

So why does this matter? Because as volumes of data continue to grow, tape is still widely used for data backup. It’s thousands of times faster than cloud backup solutions, highly reliable, and easy to control and secure.

Look for the new technology to be available commercially later this fall.

 


 

Internet Explorer Vulnerability and Windows XP

As I wrote a few weeks ago, if you’re still running Windows XP you are officially ‘on your own’ as it relates to updates and patches. Just this week a problem was reported with Internet Explorer and is a perfect example of what I meant.

A so-called ‘Zero Day’ bug was found with most versions of Internet Explorer. If exploited it would allow an attacker to control a computer with the same rights as the person using it.

Microsoft will patch this as it routinely does with other issues – usually on ‘Patch Tuesday’ – Microsoft’s monthly security update release process. If they feel it important enough they’ll release a patch sooner – what they refer to as ‘out-of-cycle’.

But if you’re computer has Windows XP you won’t receive any patches or updates as they won’t be released for that OS. So if you still have Windows XP systems that you’re using, really think about moving them to Windows 7/8 ASAP.

 


 

 

Heads up! The Windows XP Scams Have Started

I wrote about a month ago that you should expect to start seeing the bad guys exploiting the end-of-support of Windows XP. They haven’t wasted any time and the latest tactic is particularly aggressive, so alert your users. Thanks to our friends at CyberheistNews for this latest tipoff. Here’s how this scam works.

The criminals either send an email or make unsolicited telephone calls and claim to be from Microsoft or your Help Desk. They then tell you a bit of truth about Windows XP being unsupported (which you already know if you’re running Windows XP and seeing the pop-ups telling you this) and then that there are exploits in Windows XP that can’t be fixed automatically anymore. But they then claim to have a patch they will manually apply if you give them access to your computer.

Once they’ve got onto the computer they ‘own’ it and can subsequently hack into the rest of the network with relative ease.

Remind your users that Microsoft and it’s partners never make unsolicited calls. If you get a call or email that purports to come from ‘Support’ or ‘Microsoft’ telling you that you need to do something, hang up and call your real IT support team.

Everyone be careful out there!


 

Heartbleed Bug. Is Your Organization Affected?

This week’s news has contained a lot of info about the so-called Heartbleed Bug. Here’s a quick snapshot of what you need to know as an organization and what your users should know.

First, Heartbleed is tied to what’s called ‘OpenSSL’ security implementation on computer systems – primarily Linux systems. Windows systems appear largely unaffected. SSL provides communications security and privacy over the Internet for applications such as web, email, instant messaging, and some virtual private networks.

The implications are pretty serious. In testing by Codenomicon, access was achieved to systems from the outside without leaving a trace and testers were able to gain access to user names and passwords, messages, emails, and business critical documents.

Netcraft has reported that many sites are already deploying new certificates in response to this issue including,  Yahoo, Adobe, CloudFlare, DuckDuckGo, GitHub, Reddit , Launchpad, PayPal, Netflix and Amazon’s CloudFront content delivery network.

If your organization has Linux systems you should immediately test them using publicly available tools and if you have a problem, deploy a new, fixed OpenSSL solution ASAP.

What do you do as a user? If you can connect to a site or appliance using HTTPS, and it’s not running on Microsoft Windows, consider it vulnerable until proven otherwise. Look for confirmation from the site that it has tested for the vulnerability and it has either corrected it or verified it isn’t affected. And of course, this would be a good time to change your passwords for any SSL secured sites – just as a precaution.

 


 

The Bad Guys are Waiting for April 8

Most of you are probably aware that Microsoft is ending support for Windows XP on April 8. That means no more patches, bug fixes, or updates. But what many of you may not know is that cyber-criminals have been hoarding discovered vulnerabilities, patiently waiting for April 9, so that they can then use or sell them. There are some estimates that there are hundreds of potential vulnerabilities out there waiting to be exploited.

What can you do if you still have XP machines in production? There are basically 3 options.

  1. Microsoft has created an incentive program called Get2Modern that offers discounted pricing on Windows 8 software upgrades. Expect around $140. But keep in mind that many older machines running Windows XP and many older applications may not be able to run on Windows 7 or 8, or may require hardware upgrades. And upgrading the operating system on a XP machine to Windows 7 or 8 isn’t trivial as there is no direct upgrade path. Expect to spend many hours for each machine.
  2. You can purchase/lease/rent new desktops or notebooks that come with the latest version of Windows – and a new machine warranty, as well. And prices are pretty attractive right now. For example, we just had a customer pick up some HP All-in-One desktops with Windows 8.1 Professional for less than $500. And monthly rentals with Windows 7 or 8 and the latest version of Microsoft Office are only $49
  3. If you must keep old XP machines around for a while, you can take certain steps to mitigate the exposure you have. See the article from our friends at KnowBe4 for details.

 


 

6 WiFi Deployment Tips for Business

Thinking about offering your guests wifi access at your business? It’s a benefit your customers will really appreciate, so here are some tips to get you started.

  1. Given regulatory compliance and not having your customers use up all your bandwidth, consider getting a separate Internet service and dedicating it for customer or guest use. Keeping your business data, POS terminals, and all your customer’s credit card info separate from whatever your guests are doing is a smart idea that doesn’t cost much. We often have our customers pick up an inexpensive DSL or cable circuit just for this purpose.
  2. If your business layout is complex or has multiple floors, get a vendor in who specializes in wireless networking and have them do a site survey. This will ensure that you get adequate coverage for all areas and also that you have enough access points to handle the number of end-user devices to be supported.
  3. Speaking of the number of devices to be supported, 8 or 10 is a realistic limit for a decent business class wireless access point, so don’t undersize to try and save money. Everyone that comes into your business will have at least one wifi device – kids usually have several. It’s better not to offer the Internet at all rather than have intermittent or painfully slow service.
  4. Make sure you set up your guest wifi using the latest technology access points that support both 5 GHz and 2.4 GHz devices. This helps support older devices, balances loads, and customers with newer equipment will enjoy the greater performance.
  5. Make sure your access points are MIMO devices – multiple input and multiple output. These devices offer significant increases in range and data throughput compared to the last generation of wireless access points. They also support a variety of antennas so support specific building layouts and even outdoor use.
  6. If you’re not sure what you’re doing, get some help from a company that specializes in wireless networking.

 


 

9 Characteristics of a Good Website

I’ve been in working in IT since before the Internet existed, so I’ve seen almost everything. Last week I discussed why most web-based businesses fail and why company websites usually don’t produce a positive return on investment. So what makes a website – particularly a website for a small or mid-sized business – profitable and deliver leads and sales? Here are 8 characteristics of good websites I’ve observed through the years.

  • Good websites actually work properly. Need I say more?
  • A good website often caters to a niche. Crafting your message for a group that you know well is a powerful strategy. Remember, it’s all about communication so the better your focus and the clearer your message, the more effective a site will be.
  • Good websites keep it simple. Flash and videos can be fun, but that often isn’t what communicates value. I’m not saying that good design and following proper HTML rules aren’t important – they are very important. But if your site is just entertaining, people will watch the show and then depart – leaving you with nothing.
  • Good websites often have unique or hard to find products. Selling or promoting the same thing as everyone else usually doesn’t work. When I mention selling unique items many business people don’t think there’s enough traffic to warrant it. But remember that if you’re extending your reach nationwide and hopefully worldwide – you’ve got a huge audience. And the great thing about the web and Internet advertising is you can rapidly try things and see what works.
  • Good websites connect with people. If you’ve ever visited a website and just found the entire experience pleasant and positive, then you’ve experienced a site that connects well. These sites present their goods or services in a positive way that literally clicks with their customers. This is where a good web designer can be really valuable as they have what I call web gestalt.
  • Good websites have lots of useful related content. Sure you’re trying to sell products or services, but having good supporting content makes it clear that you know what you’re doing. And it also makes it clear that you’re not just re-packing some someone else’s product which you actually know (or care) nothing about.
  • Good websites integrate well with their underlying business. If your site is selling products, it should be a natural extension of your brick and mortar business and not some awkward add-on. If someone calls about something on the website your conversation with them should be as easy and natural as if they walked in the door. This fit is what allows you to keep your website current and relevant – it’s easy when it’s what you already do.
  • Good website re-package things in unique ways. You might think that because you sell a service that you’ve got nothing to put on your website except your phone number. That’s wrong. You’ve got expertise and that’s valuable. Expertise is both factual knowledge and knowledge about how to apply the facts. Figure out how to package your expertise so you can capture the interest of visitors.
  • And good websites are useful. Simply having pages of content doesn’t make a site useful. In fact, it can be downright boring. The best websites cause people to immediately bookmark them because the user knows they’ll want to be back for more. How many people would bookmark your website?

“Most Web-Based Businesses Lose Money”

While Spring hasn’t really thought about showing up in New England yet, tax season has come with it’s usual painful  side-effects. One plus I always get from the experience is chatting with the partner in our CPA firm that services our account. If you really want to know how the economy and business are doing, talk to the people doing the taxes.

Anyway, this year the partner we work with at our CPA firm made an interesting comment. He observed that while one of my web-based businesses had done well in 2013, “most never turn a profit.” How can that be? The web and Internet are supposed to be the driving force of the new economy, right? The web allows you to reach to millions of customers all of whom are eager to find out about you because of all time you spend creating social media content, paying for SEO, and paying for clicks, yes?

Here are some observations as to why it doesn’t work out that way.

  1. Social media is turning into a collection of mostly junk. With fake users, fake news, fake product endorsements, and search engines bogged down by bogus content, people are more skeptical of what they see online or receive via email than of a used car salesman. Most users now expect that every click is just data for future marketers. I’m predicting that in 5 years social media will be unrecognizable from its present form. Could be bad news for the major search engines.
  2. Websites without content. I use the web constantly and I’m amazed by how bad some sites are – and I’m not talking about a mom-and-pop business with limited funds and knowledge, but large corporate sites that shouldn’t have an excuse. In some cases the sites have become so complex that they have reached beyond what might make them useful, but in other cases the corporate owners really don’t care.
  3. Websites with the same products as everyone else. This one is easy – if you’re just selling the exact same product or service that’s already available on Amazon or from Walmart.com, give up now. It’s not to say you can’t add value to make your web presence distinctive, but it requires a plan and some effort.
  4. A Web presence without a plan. Simply having a website doesn’t mean you’ll do more business or make any profits, yet it’s amazing how many business owners and executives think so. How does your website fit into your business plan? I tell business owners a website is like a hammer. If you buy and hammer and put it in a drawer, nothing will ever be built.
  5. Fuzzy Math. In some cases businesses just don’t do the math. Look at your margin then realistically look at revenue you can generate from the website or assign a value to the leads you’ll create. Are you being realistic about the payback? Especially when you consider that to keep your site relevant you’ll be constantly investing time and money.

In a future post I’ll talk about some of the secrets for websites that do work.

 


 

Will ATM’s Running XP be a Security Risk?

According to the ATM Industry Association most ATM’s will continue running Windows XP after Microsoft ends support for the OS. I can’t say that I’m surprised even though banks and financial institutions have had years of advanced notice of the retirement of XP.

In the US about half of ATMs are run by banks and the other half by independent operators. Upgrading is a significant effort (and cost) which probably explains why so many ATMs are still running XP.

Microsoft has specifically pointed out that the end of XP support means it will become vulnerable to future exploits, but that also doesn’t automatically mean that ATMs will become vulnerable. They are ‘closed’ systems that only perform a single task and there are safeguards that can be taken that will allow them to continue to achieve PCI SSC compliance – for a while.

But PCI compliance as well as several state laws – such as Massachusetts 201 CMR 17 – require that systems have software that’s supported by the manufacturer.

So will there be a security risk? Yes, but it’s not doubling overnight. But minimally the owners of the ATMs you use should have a plan in place for fairly immediate migration of the ATM to newer software standards.

And by the way, this problem extends far beyond ATMs. Most restaurant and retail store point-of-sale terminals also still run on Windows XP.

 


 

 

Malaysian Airlines Facebook Scam

Facebook users beware of a scam posting about the missing Malaysian Airlines Flight MH370. A posting by cyber crooks is claiming the missing aircraft has been found in the Bermuda triangle and invites users to see video footage by clicking a link on a malicious website.

 


 

Office 365 Personal Edition

Just announced by Microsoft is their Office 365 Personal Edition. It’s basically Office 365 but now in a single-user version.

Office 365 Personal Edition will let the user install Office 365 on one PC/Mac and one tablet. Pricing is reported to be $69.99 per year or $6.99 per month.

Office 365 Home is still here too, priced at $99.99 per year but allowing installations on up to 5 PCs/Macs, and 5 smartphones.

This pretty well completes Microsoft’s move to offer everything they have in a subscription model. How well the marketplace responds to this is yet to be seen but Microsoft certainly isn’t the first to pursue recurring payments from customers for products and services.

Our recommendation? If you’re a home user make sure you explore all your licensing possibilities especially if you have a student living with you as there are special student options. If you’re a business you have many options for licensing and renting (yes, you can rent server and desktop software on a month-to-month basis), so talk to a Microsoft licensing professional to get more information before you act.

 


 

Cell Phone Scam – Alert your Users!

A nasty social engineering scam has surfaced combining a call to your cell phone along with a fake website. This one is pretty sophisticated – here’s how it works.

You get a call on your cell phone and the Caller ID appears to be from ‘Verizon Tech Support’ or ‘AT&T tech Support’ or similar. You hear a recording that your entitled to a voucher for your account for as much as $100. You are directed to a semi-legitimate sounding website that incorporates the voucher amount. Something like ‘ATTvoucher89.com’ for a promised $89 voucher.

When you go to the site it looks pretty good as the scammers have stolen all the legitimate site logos and text. You’re asked to enter your cell number, your account ID and password, and sometimes even the last 4-digits of your social. Give them all that and boom, they have what they need to begin a full identity theft.

Remember, NEVER TRUST CALLER ID – on any call. It’s easy to fake. And never act on calls or email messages offering you free stuff. There is no free lunch.

Thanks to our friends at Cyberheist News for passing this one along to us.

Everyone be careful out there!

 


 

Windows XP Support Ends in 36 days and PCmover Express

Unless you’ve been seriously out of contact for a while, you probably already know that Microsoft’s support for Windows XP is ending this spring. But like the April 15 tax deadline, these dates have a way of sneaking up on you and suddenly you realize it’s SOON.

Starting March 8 look for a popup message on your Windows XP computer from Microsoft reminding you that support for XP is ending on April 8.

And to help you out with transferring your old data and settings to a new computer, check out PCmover Express just released by Microsoft in conjunction with Laplink. PCmover Express will copy your files and settings to a new device running Windows 7, 8, or 8.1. Available later this week from windowsxp.com

 


 

New Email Amex Scam – “Important: Personal Security Key”

Everyone be watching for this new scam. Users get an email with a subject line of ‘Important: Personal Security Key’. There’s a graphic with the text ‘Fraud Threats: How American Express Helps Protect You’ and some information and a request that you create a ‘Personal Security Key’. All this so that American Express can supposedly help protect you.

Of course, if you click on any of the links you’ll be taken to a bogus sight where the bad guys will try to trick you into entering your Amex card info and boom, the fraudulent charges will start rolling in.

The tip-off’s this is bogus? They are the same as usual:

  • Not personally addressed to the recipient
  • when you hover your mouse over the link for www.americanexpress.com you can see that the destination if clicked is an entirely different site (bullisfabrication.com on several of the messages we’ve seen)
  • Formatting on parts of the message are amateurish

Remind your users; stop, think!

 


 

Microsoft Office Online; Familiar and Free

In case you hadn’t yet heard, Microsoft Office Online is now available for free to anyone that’s got a Microsoft account (Live, MSN, etc). It’s part of Microsoft’s strategy to have a full cloud suite of applications that competes with (and in Microsoft’s opinion, trumps) Google’s Drive – formerly Google Docs – as well as Apache’s OpenOffice.

Microsoft’s thinking is that why would anyone settle for something that’s ‘somewhat’ compatible when they will now give you the real Microsoft Office for free? And when you go to Office.com and open Word, even the menus and screen layout are very familiar to someone that’s worked with Office 2010 or 2013.

There isn’t quite the full range of functionality that’s available in Office 365 or the standalone version of Office Professional, but for banging out a quick letter it’s more than adequate. And of course they’ve neatly tied in online storage with SkyDrive, now renamed OneDrive.

In our testing everything works well and the familiar menus definitely help make the experience friendly.

 


 

New Data Center is Live!

While not 100% finished, our new data center is live with the first server cluster installed and running. The second empty rack you see will be for customer’s hosted physical servers. A third rack (not yet present) will be for some of our own internal equipment.

 

And yes, it’s snowing again…


 

2014-02-19_15-33-47_663

Say Goodbye to Office 2003

Most people by this time have at least heard that Windows XP will be end-of-life this spring, but what many people don’t know is that Office 2003 is also slated to be retired. This means that similar to Windows XP, there will be no more patches or bug fixes for Office 2003.

For those of you operating in a regulated industry where minimum security requirements exist – or any business in Massachusetts where 201 CMR 17 requires computers to be patched, it’s time to start planning on your transition.

 


 

“Image has been sent” scam: Heads up!

In an interesting variation from the scammers out there, be on the alert for an email message that shows up with a subject line of “Image has been sent <youremail@somewhere.com>”

There are a couple of links which if you click on them take you to the malware payload page.

This is a slightly different ploy trying to entice you to click on the links because of the lack of information – you do want to find out whatever image was sent, don’t you?

So alert all your users and remind them to stop and think before clicking on any links!

 


 

HP Proliant ML350p G8 – Small Business Powerhouse

We’re in the midst of building up a new server for a start-up. After reviewing needs with the customer, we’ve selected the HP ProLiant ML350p G8 server. We selected this server for many reasons; it will scale easily as the company grows and support up to 75 users, it’s extremely powerful with the latest Intel Xeon 10-core CPUs, it’s an incredibly tough machine with redundant SAS boot and data volumes,  dual power supplies, and redundant system fans. It’s also backed by the industry’s best service and support with 3-year onsite, 4-hour time-to-response warranty.

ML 350 taking shape
ML 350 taking shape

 

 

 

 

 

 

 

 

 

 

 

 

 

 


 

 

 

 

 

Free Credit Monitoring Scam. Heads up!

It’s not bad enough that Target’s systems this holiday season were compromised and as many as 100 million credit card accounts compromised. Now to make it worse, scammers are capitalizing on the fact that Target and many other retailers are offering free credit monitoring services to their customers.

The scam works like this; you get an email telling you that because your credit card account was compromised, you run the risk of unauthorized charges and identity theft. But the ‘merchant’ is offering you a free subscription to a credit monitoring service. Just click on this ‘link’.

So warn everyone to watch out for this scam and that any link or attachment for your so ‘sign up’ is likely a scam.

Be careful out there!

 


 

MicroData’s New Data Center – Update!

For those of you following the build out of our new data center, the walls are up, windows and door are in, and a new 3-ton AC unit is scheduled to be installed Thursday. Biometric security access system is set to be installed early next week.

Data Center Work Continues
Data Center Work Continues

 

 


 

5 Most Dangerous Email Subject Lines to Watch For

The scammers are out in full force in 2014 so warn your users to be on the alert for phishing email messages. Here are the top 5 most dangerous subject lines based upon recent research done by our friends at KnowBe4:

  1. Invitation to connect on LinkedIn
  2. Mail delivery failed: returning message to sender
  3. Dear {insert bank name here} Customer
  4. Important Communication
  5. Undelivered Mail Returned to Sender

Everyone be careful out there!


 

MicroData’s New Data Center under Construction!

I thought everyone might like to see a picture of early construction of our new data center:

DataRoom

This new facility will house the equipment for our rapidly growing Private Cloud hosting service. The new room will be state-of-the-art with dedicated HVAC, N+1 power redundancy, and biometric security.

We’ll post more pictures as work progresses.

 


 

New Private Cloud Cluster Taking Shape

Our Private Cloud business is booming and we’re in the process of building both a new larger data center and several racks full of equipment to keep up with demand. Here’s a picture of the first rack of equipment getting set up.

New Cluster Taking Shape

If anyone is interested in the technical details, we’re using HP ProLiant servers for the nodes running Windows 2012 R2 Enterprise and a Promise SAN.

We’ll post more pictures and updates as work progresses this month.


 

“Scheduled Home Delivery Problem” E-mail Scam – Here’s what to watch for

Just in time for the holidays is yet another email scam. Here’s what to be on the lookout for:

You get an email purportedly from Walmart, Costco, or some other large retailer. The subject line is something intended to fool you into thinking there is a delivery problem with something you may have ordered or a gift that’s coming to you. The subject line is something like “Scheduled Home Delivery Problem” or “Express Delivery Failure”.

The message may have the company logo and an ‘order’ number and has links to check out the order and also to fill out a form to give updated shipping info. Clicking either link infects your computer with malware designed to steal your accounts, passwords, and other sensitive data.

The giveaways that it’s bogus? The message isn’t personally addressed to you (it’s a ‘Sir/Madam’ or ‘Dear Customer’ format’), the language is poor English, there’s a threat (‘you will get your money back but 17% will be deducted’ for some reason), and if you hover over the links without clicking, you’ll see that they resolve to addresses that have nothing to do with the merchant.

So warn your users and remember to stop and think before clicking!


 

MicroData’s President Glenn Mores Featured in CityTownInfo.com

MicroData’s President Glenn Mores was featured today in a story published in CityTownInfo.com, a web-based resource for information and analysis on US places, careers, and colleges. The story, A Call to End College Essays: Constructive Move or Cop-Out?, examined a controversial proposal by Rebecca Shuman in Slate magazine where she called for an end to assigning essays in college courses. As both a Senior Lecturer in MIS at Boston’s Northeastern University and also the President of MicroData, Mr. Mores was asked to provide a unique, dual perspective encompassing both the teacher and the employer.

CityTownInfo.com is owned by QuinStreet, Inc. (NASDAQ: QNST) and is headquartered in Foster City, CA. Read the article here.


 

2 Million Accounts Compromised – ADP, Facebook, Google, others

SpiderLabs, a security team that’s part of the security company Trustwave, reports that they have found over 2 million stolen credentials available for sale on the Internet.

Included in the massive collection are credentials from the payroll provider ADP, Facebook, Google, Yahoo, Twitter, and LinkedIn. Most appear to have been stolen with a piece of malware that searches systems for likely looking stored accounts and passwords as well as watching browser activity and recording logins as they occur. The captured info is then sent off to the bad guys for cleanup and ultimate sale.

The most common password? 123456

The malware causing all this havoc would be stopped by keeping computers and browsers patched and up to date, and of course keeping anti-virus software updated.

If you’re concerned about any of the above accounts you use, this might be a good time to change those passwords.

Keep your organization’s and personal computers updated and please ask you users to come up with passwords that at least make it a bit harder for the thieves. A good guideline is to use at least 8 characters, a mixture of uppercase and lowercase, and some symbols mixed in.


 

How to Detect Online Holiday Deal Scams

It’s the season for holly and mistletoe, but unfortunately that means that the scammers are working overtime. They know that a record amount of online shopping is being done online this year (and especially this Cyber Week) – and a lot of it is being done at work – so they are trying hard to infect computer systems and steal info.

How is it being done? Mostly by offering incredible sounding deals in an email message that when clicked, take you to a completely fraudulent website whose purpose is to get you to type in that credit card info or to infect your computer with malware.

So tell your users to stop and think. If they see a deal for a 60″ LED flatscreen TV for $299 from a vendor you’ve never heard of, stay away!

And these ‘deals’ are coming via social media and on mobile devices too.

So warn your users. And as the old saying goes, if it sounds too good to be true, it probably is.

 

 


 

Does an OS have a Shelf Life? Windows XP Does – Here’s Why.

By now you’ve probably heard that Windows XP support from Microsoft officially ends this April. Many just brush off the end of support as a cynical marketing ploy by Microsoft to compel users to purchase an upgrade. But here’s why it isn’t.

Windows XP was a remarkable operating system in its day. Consider that it had to run most of the old 16-bit Windows software on the market while at the same time laying out the framework for a real 64-bit OS which we enjoy today (Windows 7/8). But fair is fair. It is fundamentally no where near the OS that Windows 7 or 8 is and no amount of patching and TLC will ever make up the difference. And the needed environment and security threats that exist today weren’t even contemplated when Windows XP was being created.

So what will happen if you don’t upgrade systems using Windows XP by this coming April? Based upon what happened when Windows XP Service Pack 2 went end of life in 2010, malware infections increased a whopping 66%. Check out the data here. I would anticipate similar problems this April.

So plan to make the transition sooner rather than later. For most current versions of applications it’s not a big deal but if you have older vertical apps, it’s time to start working on it.

 

Ransomware Comes to the Mac

Researchers at Malwarebytes, a leading security firm, recently reported that they have found a strain of ransomware targeting Safari users. When users visit a website that’s been infected with the malicious code, their browsers are hijacked and they receive a message claiming to come from the FBI.

The message tries to scare the user with an official looking format saying that their ‘browser has been blocked’ because their computer was used to violate copyright laws, view porn, or it had tried to hack into some system illegally. In some cases it’s being reported that the system is infected with malware and users are being coerced into paying a fee to remove the threat.

The scam demands $300 from the victim that can be paid through Green Dot MoneyPack by purchasing a pre-paid card and then transferring it to the scammers.

According to Malwarebytes, if you get hit by this threat don’t try to do a ‘force quit’ on the page – Safari will auto-restore the page when it comes back up. Instead, click on the “Safari’ tab on the navigation bar and choose ‘Reset Safari’ ensuring all the boxes are checked. Then hit ‘Reset’.

Everyone be careful out there!

 

Adobe Security Breach Much Worse than First Reported

As most of our readers know from a post we did about a month ago, Adobe’s systems were hacked and the bad guys essentially got away with whatever info they wanted. Early reports estimated that up to 38 million accounts and passwords were stolen. Well, that’s been revised upward – a lot.

The stolen data has now appeared for sale online and from that info it’s now pretty certain that upward of 150 million accounts were compromised.

To make matters even worse, it appears that Adobe did little to safeguard the info as they implemented only a basic form of encryption. You can read an interesting synopsis from the folks at Sophos: http://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/

The moral of the story? Don’t believe it can’t happen to your company or organization and make every effort to keep your information as safe as possible.

Microsoft Releases IE 11 for Windows 7

Microsoft has formally released Internet Explorer 11 for Windows 7 users. You can download and install at http://windows.microsoft.com/en-us/internet-explorer/download-ie

What’s new? To start, about a 10% speed improvement which is always welcome. But Microsoft has also added quite a few other useful items & features:

  • Improved touch support for tablets
  • Much faster javascript performance. Microsoft claims faster than Chrome, Firefox, or Opera. We’re not sure of any actual numbers but it is much quicker
  • Tighter security. IE 11 is much more savvy about protecting you from social engineered malware – see report here. For this reason alone it’s worthwhile as an upgrade.
  • A more fluid interface. This is actually quite nice – manipulation of windows and objects is very graceful and seamless

Worth getting? We think so. And while you can manually download today, Microsoft will automatically push the new version out to users over the next several weeks.

Make sure you test compatibility with older browser-based apps before rolling out company wide.

Electronics on your Next Flight!

You may have heard that the FAA has finalized rules allowing broader use of personal electronics devices on flights, but we’ve had quite a few questions about the specifics. While each airline is free to implement greater restrictions that the FAA is allowing, you can probably expect most to have similar rules.

  • Wi-fi and cell phones will still be a no-no during critical phases of flight. That’s typically going to be takeoff and landing.
  • And cell phones will always be a no-no in flight. Turning off the cell signal or putting them into ‘Airplane Mode’ will be OK, however.
  • Tablets & computers. If you can turn off the wi-fi function, you should be able to use these devices from the moment you sit down until you exit the plane.
  • Kindles, Nooks, hand-held game consoles. As long as they have a way to turn off the wi-fi function, you should be good to use them for the entire flight.

Expect there to always be a clause in the rules so that the flight crew can ask everyone to turn stuff off if they feel it necessary.

As to roll-out by specific airlines, it will vary as there is some testing of each aircraft that will need to be done first. Some airlines like Jet Blue are already all set. Check at your favorite airline’s website for updates.

And please – spare your fellow travelers and bring some headphones for your portable devices!

Amazon Starts Collecting Mass. Sales Tax

In case you might not have noticed, Amazon started collecting Massachusetts 6.25% sales tax as of this morning.

Amazon reached the deal with Mass DOR officials last year. Long sought by the state due to their insatiable appetite for tax receipts and also by brick-and-mortar stores that claim it will ‘level the playing field,’ the state projects it will bring in about $36 million in  additional revenues before the fiscal year’s end on June 30.

While many local merchants are expecting a sales jump this holiday season because of the leveling, I’m not so sure. My expectation is that Amazon will simply lose business as consumers move their shopping to lower cost alternatives. The big winner will again probably be the state of New Hampshire that has no sales tax and is only a short drive away for many in Massachusetts.

I’ll be interested to hear your opinion – will the added 6.25% cause you to purchase less from Amazon or will it not matter?

MicroData’s Private Cloud Service Now Available!

Happy Halloween everyone! It’s hard to believe October is already over so get ready for winter (if you’re with us in New England, that is).

With the arrival of November we’re very excited to announce availability of our Private Cloud service. If you like the idea of moving some or all of your organization’s data to the cloud but have concerns over security, privacy, and migration issues, Private Cloud is for you!

With MicroData Private Cloud service your data and applications are moved to the cloud, but your organization maintains exclusive access. In other words, your information isn’t co-mingled with anyone else’s. And everything is securely stored at our Beverly Massachusetts data center – never overseas or with someone you don’t know.

And because everything is stored with MicroData, you get the full technical skills of MicroData engineers to migrate, deploy, and support your new Private Cloud environment.

MicroData’s Private Cloud service is available now and as a special November introductory offer, we’re offering your first month of Private Cloud for free.

To learn more, call us at 800.924.8167 or visit us on the web at www.microdata.com

MicroData’s President Glenn Mores featured in Business News Daily

MicroData’s President Glenn Mores was just featured in Business News Daily. The story, What IT Department? Online Tech Support is a Small Business’ BFF talked about the significant advantages that SMB can realize from utilizing remote support from an IT provider. Glenn was asked to contribute because MicroData has been a leader in remote IT support services, tools, and techniques for over 20 years.

Business News Daily is headquartered in Ogden Utah. Read the article here.

Ransomware! What it is and How to Avoid it

We just helped out a customer that got hit by Ransomware, in this case CryptoBlocker. For those of you that don’t know what ransomware is, it’s a type of malicious software that gets installed on your computer and allows criminals to lock access remotely. It then pops up a big window which presents you with a message informing you that it can be removed by paying from $100 – $300 via credit card. Crypto

It’s called ransomware because its not trying to trick you. The crafters of these nasty little apps typically come right out and tell you that you’re being ‘shaken down’ in order to get your files or normal operation back. Pay the money or else…

CryptoBlocker is particularly evil as it encrypts all the user files on your disk (Word, Excel, PDF’s, etc). And particularly alarming, it also encrypts all the files found on any mapped drives in your organization. Because the files are encrypted by a public/private key with a very complex encryption formula, you can forget about somehow decoding it (unless you’re the NSA).  And this isn’t something that can be removed by your antispyware or antimalware software. Your only choices are to either pay the ransom or just delete all that data.

How can you get infected? Usually by clicking on an attachment in an email message with a ‘zip’ extension. By doing this you self-infect your computer and no antivirus software in the world will stop it.

Email messages try and trick you into opening the attachment by pretending they are from UPS, FedEx, a bank, an eFax, or a voicemail message.

This is another reason why it’s so important to educate yourself and your users not to open attachments to messages unless they are 100% sure they know who they are from.

And organizations should take some preventative actions, too. Email systems should be configured to block .zip attachments (and several other known malicious formats), and user workstations should either be configured to prevent installing software or have System Restore points regularly created so that a computer can be ‘rolled back’ to a pre-infected state.

Everyone be careful out there!

Finally – Microsoft Releases a Remote Desktop App for Smartphones

One of our senior engineers, Matt Liacos, just found a great resource. On October 20 Microsoft released a Remote Desktop app for both Android and iPhones. This lets you connect seamlessly to any Windows 7/8 (Pro) desktop or Server. Company networks are fully supported via Terminal Server Gateway, Remote Desktop Web Access, and VPN (through iOS built-in VPN options).

Android users can download the client at: https://play.google.com/store/apps/details?id=com.microsoft.rdc.android

iPhone users download at: https://itunes.apple.com/us/app/id714464092?mt=8

For question about functionality and set up Microsoft has put together a FAQ in TechNet

HP DL360p G8 Servers – Compact Power

We are doing a server refresh for a client and they have selected the space-saving and power-reducing HP ProLiant DL360p G8 servers. At 1 rack space each, these take up a fraction of the room of their previous servers, but with Intel Xeon E5 2620 CPUs featuring 6 cores, 15MB cache, and multithreading, they can easily handle any SMB task including virtualization.

Power savings is amazing with the new G8 servers. Electricity savings over the soon-to-be-retired servers will actually pay for the entire unit over its expected life.

DL360s
Two new HP ProLiant DL306p servers

 

In this case one server will be a domain controller and the other running Microsoft Exchange 2013. Exchange 2013 has some attractive new features including improved usability, centralized role-based access control, built-in malware protection, and compliance and e-discovery capabilities.

Not only have we designed the new environment, but we’ll be deploying and managing everything on a day-to-day basis.

Adobe Systems Hacked

We just learned that Adobe is communicating with customers that have an account on their website that their systems have been ‘illegally entered’ and that user IDs and passwords may have been compromised.

So if you have an Adobe account (you almost certainly do if you have purchased any Adobe products in the last couple of years), and you haven’t received an alert from Adobe yesterday or today, you should change your account password ASAP.

And if you use that password elsewhere, it should be changed everywhere. I won’t give you the standard admonition not to use the same account ID and passwords at different sites – I know everyone does anyway – but hackers will routinely try credentials at a variety of sites hoping to gain access somewhere.

New HP Proliant ML350p Server Getting Ready!

We’re getting one of our favorite servers, the HP Proliant ML 350p, ready for deployment to a customer. One of the reasons they’re a favorite is that they are bulletproof, easily capable of being expanded should business needs require it, yet they are still economical whether you are buying, leasing, or renting (yes, you can rent a server including the software).

What’s this particular configuration? (Skip this part if you don’t like tech details); it’s got a Xeon CPU (Intel E5-2620) with 6 cores, 32GB of DDR3 memory, (6) SAS drives in a RAID 1/10 configuration, redundant power supplies, and redundant system fans. Plus the cool looking new front bezel that all the G8 series servers have.

With all the redundancy and a 3 year onsite parts and labor warranty (standard with HP), this customer won’t have to worry about downtime for many years.

In this case the server will be replacing a tired old Dell box and it will provide Exchange email, File & Print services, as well as full remote and secure access for all users.

ML350p

Heads up! Affordable Health Care Scams

As if the Affordable Care Act isn’t complicated enough, the scammers have already figured out ways to use it to try and get your personal information.

Phishing emails are already going out with a variety of subject lines promising to ‘help you get signed up’ or offering the ‘best deals’. Some threaten users with fines or penalties if they don’t immediate sign up through a provided link.

And it’s not just email messages. Phone calls are being received and the user being told that they need to take your information and sign you up with an Exchange ‘right away’. Of course, as part of their ‘service’ they ask for your name, social security number, and sometimes even a payment.

Tell your users to just delete any such messages and hang up on any of these calls.

BYOD Fairy Tales and other Fantasy Wish Fulfillment

Just like the persecuted scullery maid who marries a prince and thus escapes from the kitchen into the castle, so to do we keep witnessing businesses and schools pretending that BYOD security isn’t a big deal and that people will ‘do the right thing.’ Right…

The latest debacle to be reported comes from the Los Angeles  Unified School District who had embarked on a program of giving iPads to every student in the nation’s second largest school system. According to a story in the LA Times, it took less than a week for nearly 300 students in one school to figure out how to bypass the restrictions placed on the devices. And the school district was surprised? Read the whole AP story here.

Funny how I just had the conversation with a business owner about how iPad’s have limited security and centralized management capabilities and they were upset about it. This isn’t a bad thing, it’s by design and part of the Apple philosophy. But wishing it were different doesn’t make it so. Yet we continue to find business owners and educational administrators trying to fit the square peg into the round hole.

Does that mean it can’t be done? Not necessarily. There are some management products out there that can do great things for BYOD environments – HP’s Intelligent Management Center and related hardware/software is a good example. But good BYOD solutions primarily work at the network level and don’t try to implement security onto hundreds or thousands of endpoints. That defeats the goals of BYOD.

If you really want a fully secure and manageable endpoint solution, think about deploying Windows 8 tablets. All the security and management capabilities are built in to the OS and integrate fully with Active Directory for management and reporting. You can lock the tablets or desktops down as tight as you’d like. Some people don’t seem to understand that Microsoft developed all those technologies and components in their server and endpoint operating systems for a reason.

Would deploying a full BYOD management solution or a full Windows 8 solution be more complicated than just handing out iPads or Android tablets and hoping for the best? Sure, but there’s no free lunch – no matter how much some people wish there would be.

 

 

MicroData’s President Glenn Mores Featured on Hound.com

MicroData’s President Glenn Mores was just featured in Hound.com. The story, What Obstacles are Currently Faced by Entry-Level IT Graduates? looks at the challenges graduates face entering the IT workforce. Glenn was asked to contribute because of his unique background as both President at MicroData and also as a Senior Lecturer in MIS at Boston’s Northeastern University.

Hound.com is headquartered in Pasadena California and has offices all over the world. They are recognized as a leader in job research. Read the article here.

With Cloud Security is Everybody Just Lying to You?

In the light of recent revelations by providers of email, chat, social network, and cloud services about how often they’ve turned over supposedly private data, combined with almost daily news of various security breaches, we’ve been having a steady stream of questions from our customers about how safe the cloud actually is.

Bruce Schneier, a security technology expert and author of over a dozen books on the subject, was recently asked about cloud security in Computerworld  and said, “You have no way of knowing. You can’t trust anybody. Everybody is lying to you.”

But this is what we in the IT industry and in particular those of us involved in the early days of email messaging security (as MicroData was) have always known. As soon as you relinquish control or grant access to data, it invites others to mine it using software tools that are incredibly powerful and effective. You can’t extrapolate what you as a business owner can imagine as possible or practical. Those concepts don’t apply.

So if you’re concerned what can you do? A couple of simple things go a long way to keeping your information private and safe.

  • If it’s really important, confidential, or valuable, keep it where you can touch it. That’s not to say that cloud data storage or cloud backup doesn’t have a place for some data, but if it’s not in the cloud you don’t have to worry about where it is. A great example was how the defense contractor Raytheon used to have certain employees remove the hard drives from their computers every night and put them in a locked safe. While at first glance that seems silly, they never had to wonder where the data was.
  • Implement reasonable safeguards. I know, security isn’t fun but security policies and safeguards are put in place for a reason. The number 1 security risk to your data are actions by your employees  – either unintentional or not. Reasonable policies and safeguards can go a long way to keeping your data safe.
  • Periodically review your organization’s data structures and see if they make security (and practical) sense and if they are, in fact, working. Many organizations start off with a good security stance but then forget about it thinking that it’s been ‘taken care of.’

Network as a Service?

Sometimes some cloud services might be all your company needs, but in many cases it’s not appropriate. That’s why MicroData has offered ‘Network-as-a-Service’ for over 13 years. What is it? Basically, it’s a turn-key network that MicroData designs, installs (or hosts in the cloud), and maintains (including user support) all for a simple, flat monthly service charge.

DL360G8This is a new DL360 G8 server is being set up for a new customer who is dumping all their problematic internal network resources and moving to MicroData’s Network-as-a-Service. It will be hosted at our data center here in Beverly and serve the customer’s 2 offices and remote users.

New Server Cluster is in!

Just finished up deploying a nice Windows server cluster for a customer. 2 machines replace 6 old servers. And with all old servers now virtualized, they have the piece of mind of having a true failover solution. A spiffy new rack, too.

Cluster Rack

MicroData Re-appointed as a Barracuda Networks Partner

MicroData has just been reappointed as a Barracuda Networks Partner for 2013-2014. Barracuda is the world leader in anti-spam email filtering. To become a Barracuda Partner, organizations have to complete technical and sales trainings as well as demonstrating real-world expertise in network security and email management.

We’ve worked with Barracuda for many years – as well as with other vendors offering similar products – and we can still say that Barracuda is the standard for email spam filtering, archiving, and web filtering.

Here’s what a Server Cluster Looks Like

The truck showed up with the components for a client’s new cluster yesterday. When this gets finished the environment will replace 5 old servers and have failover capability from one node to the other if something ever fails.

Servers for new customer cluster
New cluster servers

New Server Rack
New Rack for Server Cluster

Is a Cluster Worth Considering for your Business?

clustering has always been viewed as a very desirable method to ensure high availability and to minimize the effect of a disaster

Technology keeps developing so perhaps it’s time to take another look at implementing server clustering for your business. For those of you that are foggy on what exactly clustering is, a cluster is a series of servers that work together so that in many respects they can be viewed as a single, integrated system.

One of the biggest attractions of a server cluster is that if one node (or part) fails, the other nodes automatically and seamlessly take over the computing tasks of the failed component. This can happen both at a single site or can happen between remote sites. And it’s all automatic with no human intervention needed.

For this reason clustering has always been viewed as a very desirable method to ensure high availability and to minimize the effect of a disaster at one site of a multisite business.
So why haven’t more organizations taken advantage of clustering? Quite simply, the cost has been prohibitive. But that’s changing with new technology advancements.

We just completed a new server cluster design for a customer which will not only consolidate 4 physical servers into 2 (running the 4 servers virtually), but also provide the piece-of-mind that comes with such a configuration. The net cost? It depends on quite a few factors but in this case it was less than cost to replace the 4 old servers.

So if you haven’t looked recently (or ever) at the idea of a server cluster at your business, maybe it’s time to take another look.

Upper Management Often the Worst IT Security Offenders

Over

    half

the respondents reported that the board of directors believe that ‘the rules don’t apply to them’ when it comes to respecting IT security policies and procedures.

I read a very interesting study by Cryptzone from last year that confirmed something we here at MicroData already knew, yet it’s still amazing to see confirmed. A group of 300 IT security professionals were asked about ‘who respects security the most within their company.”

Over

    half

the respondents reported that the board of directors believe that ‘the rules don’t apply to them’ when it comes to respecting IT security policies and procedures. And 42% believe that the board of directors and senior management are most likely to ‘ignore or flout security policies and procedures.’

What makes this particularly worrisome is that senior management and boards have access to the most sensitive information.

It’s not hard to see where the train wreck can occur. And what kind of example does senior management set for the rest of their organization?

Windows Surface Pro on Schedule?

We just had confirmation from the local Windows store that they are expecting the Pro at the end of the month, so it looks like you will be able to order/pick up your Surface Pro on the 28th or 29th.

We’ve been waiting eagerly for the Windows Surface Pro – the enterprise version of the Surface – and it seems that Microsoft’s original time estimates are correct. They said that the RT would be available about the same time that Windows 8 was released and it was. The Surface Pro was then supposed to follow 90 days after which would put it at the end of January.

We just had confirmation from the local Windows store that they are expecting the Pro at the end of the month, so it looks like you will be able to order/pick up your Surface Pro on the 28th or 29th.

It’s Sometimes Foggy in the Cloud

Be careful with cloud based backup for disaster recovery. On the surface it sounds great; no costly hardware or software to purchase, it’s quickly scalable, and the entry cost is modest. But because of a couple real gotcha’s with cloud backups, we only recommend it as a secondary disaster recovery solution.

We get asked all the time about cloud services. This makes perfect sense because as IT experts we should be able to advise our clients about the advantages and disadvantages of the cloud. And with our own IT services being delivered to our clients from the cloud, I’d say we’re pretty familiar the technology! We like cloud services.

But one area where I always advise decision makers to be careful is with cloud based backup for disaster recovery. On the surface it sounds great; no costly hardware or software to purchase, it’s quickly scalable, and the entry cost is modest. But because of a couple real gotcha’s with cloud backups, we only recommend it as a secondary disaster recovery solution. Why? There are 2 reasons (other than security which is a topic unto itself).

First, when you have your data in the cloud, it typically got there over the course of many days or weeks. The Internet is still hundreds of times slower than local storage so it took a while to get it all to wherever it’s stored. So if you want it all back – right now – your fastest solution for terabytes of data will probably be getting a series of tapes by mail. Oops – this means at least 12 hours for Fed Ex (unless you can drive there) and now you need that tape drive after all to perform the restore. Maybe as much as a couple of days IF you have the replacement hardware and that tape drive all ready to go.

Second, many cloud-based backup solutions – especially the low priced products – don’t actually backup databases and system images. Sure they get copies of individual files like Word documents, but if you use a local email system, have a local accounting package, or run a local CRM solution, you have a database which will likely not get backed up. So you had better be doing something else. And then in the event of a disaster, you will need to 1) obtain replacement hardware, 2) reinstall the OS and applications – hope you have the original media and license codes!, and 3) restore local copies of the databases needed, and finally 4) restore the files from the cloud backup service. This could take weeks depending upon the volume of data.

What’s the solution? We recommend ensuring that you have a full featured local backup that includes everything and that you implement some sort of disaster recovery solution like off-site rotation of media or our SafeGuard service.

Did your Cloud Storage come from a Supermarket?

When most people think about cloud backups, they think of massive data centers, racks of cool looking equipment, and impressive redundancy. But that’s not necessaily what you get.

I just finished reading an interesting story by Derrick Harris about Backblaze – an all-you-can-store cloud backup service. What was interesting about the story was learning how and where Backblaze stores your data.

When most people think about cloud backups, they think of massive data centers, racks of cool looking equipment, and impressive redundancy. But that’s not necessarily what you get.

About a year ago there was a significant shortage of hard drives due to flooding in Thailand. Backblaze’s solution was to clean out local Costco, Best Buy, and Fry’s stores of retail USB external hard drives. That’s right – external consumer USB hard drives. Stacked right next to the bananas at Costco… 

So what’s the lesson here? Some cloud backup services such as Backblaze offer impressive amounts of storage at a rock-bottom price per gigabyte, but don’t assume it’s more than it is. In this case, it’s a whole lot of inexpensive SATA drives in a room somewhere. And remember too, most cloud based backup solutions do not have agents to handle databases and email systems (and how could they for a couple of dollars a month?), so those critical items will not be backed up.

Next time I’ll talk about some of the disaster recovery gotchas with cloud solutions.

Help desk requests are on the rise – The number of support requests rose in 2010 despite help desk budgets being cut

In this day and age when IT is supposed to be less complicated and easier to manage, more users are submitting help desk requests than ever before

In this day and age when IT is supposed to be less complicated and easier to manage, more users are submitting help desk requests than ever before, according to a recently released study by HDI (formerly the Help Desk Institute).

HDI discovered that the number of help desk requests made IM, via chat, e-mail, telephone, self-help systems, social media, the Internet and walk-ins is increasing. 67% of all help desks saw increases in 2010 – which is about the same percentage who reported an increase in 2009.

Recently, many organizations have made efforts to consolidate their help desks and establish a single point of contact for employees, according to Roy Atkinson, an analyst at HDI, whose members represent a help desk community of roughly 50,000 people.

These consolidation efforts have improved support request data collection, which helps to explain the uptick in reports. Essentially, creating a single point of contact and offering multiple options for communication with the help desk encourages users to seek assistance, Atkinson said.

While consolidation and better data gathering might explain much of the increase in reported requests, it doesn’t explain it entirely. According to Atkinson another piece of the answer might be the fact that IT complexity is actually increasing. This is especially true as more users are asking to connect multiple devices, including mobile phones, tablets and laptops to corporate networks.

“There is the trend to being able to work anywhere and anytime,” said Atkinson. And that “requires more support, so the environment as a whole is probably more complex.”

Earl Begley, who is the head of HDI’s desktop advisory board and is also an IT project manager with the University of Kentucky, said incident volumes for the university’s healthcare help desk have increased by 15% to 20% each year. Part of this increase is due to the adoption of new technologies in the healthcare industry, he said.

Begley’s team is working to reduce the volume of requests by implementing an Information Technology Infrastructure Library (ITIL) at the university, which has a long-range goal of improving overall IT efficiency.

An ITIL incorporates best practices and procedures in a myriad of technology management areas. This includes help desks, that are designed to enable organizations to sort out the root causes of IT problems and predict future issues.

The increasing volume of requests at the university keeps his staff busy, remarked Begley, adding that “it is frustrating, because they see the same problems occurring over and over again.” The idea is that an ITIL implementation will reduce much of those repetitive requests.

Technologies that help reduce help desk support demand include such things as desktop and application virtualization (where an application can be used via a web browser). Increasing the use of voice-over-IP (VoIP) technology also reduces the time it takes to support phone systems.

For organizations that reported an increase in help desk requests, roughly 41% attributed it to infrastructure changes, system upgrades or conversions; while 26% cited expanded service offerings by their support staffs; and 22.5% reported that they have more customers, according to the HDI study.

The uptick in help desk support requests is happening as most IT departments are cutting their help desk budgets, according to a study that was recently released by Computer Economics.

In its recent survey of IT organizations, the research firm discovered that help desk workers now make up about 6% of total IT staff, after factoring in about 7% of the average IT staff for the past several years.

The report states that this decline “represents a relatively substantial dip and indicates that providing high-quality support to users assumed a lower priority amid the wave of operational budget-cutting and staff reductions that accompanied the official end of the recession.”

Computer Economics said also that many factors affect the size of a help desk, including outsourcing, an increasing number of employees with smartphones, ITIL adoption, and upgrades in applications and devices.

“Some of these trends are working to diminish the size and function of the help desk, while others are putting more pressure on help desk staff,” the organization said in its report.