GizmoBlog

IT Support: Security and Penetration Testing

Posted by Daryl Rinaldi on Thu, May 28, 2015 @ 08:36 AM

Penetration testing is a key component of an IT Security program. GizmoFish and other Boston area IT Support companies can offer this service to you at relatively low cost. But it should be part of a larger overall security program. Let me explain what penetration testing is and how it fits into a security program.

Your internal network is inside your company, and this is where all your computers and devices reside. Then there is of course the internet - the external network. A firewall is the device that sits between your internal network and the internet and routes traffic between the internet and the appropriate device on your internal network. The firewall is the device that makes sure that when you click on a link to download a file, for example, the file downloads to YOUR computer and not your coworker's computer. But the other thing a firewall does, as you may guess by the name, is protect your internal network from all the baddies out there. The firewall is configured by your IT Support company or department to allow in only the traffic that you specifically want to allow in.

So here is where penetration testing comes in. A penetration test tries all kinds of approaches to breach the firewall and gain access to your network. You are looking for vulnerabilities. This is what the bad guys do all day long, so you are essentially doing it yourself to find any vulnerabilities before the bad guys do. The penetration test will produce a report showing all the attacks it tried and whether any were successful in gaining access to your internal network.

In addition to the benefit of finding security vulnerabilities it is also documentation that you have taken proactive steps to protect your network.  If your network is ever breached and there is any regulatory and legal action it may be important to show that you took a proactive approach to security.

If your penetration test finds vulnerabilities your IT Support company can take steps to close those "holes" in your firewall.  A penetration test by itself is not enough to tell you how secure your company is.  As I said above it is only 1 component of a larger IT Security program.  But it is an important piece and can help you ensure your company's security.

GizmoFish can run a penetration test on your network as part of an overall IT Security audit and program.  Call GizmoFish at 866-MY-GIZMO (866-694-4966) Ext. 1 or just click on the link below.


Tags: IT support, security

IT Support: Mobile Device Management

Posted by Daryl Rinaldi on Wed, May 27, 2015 @ 07:10 PM

IT Support companies and departments in Boston (and of course elsewhere) are dealing with the challenges of supporting a mobile workforce. One key challenge is protecting company information when it resides on all the portable devices their users use such as smart phones, laptops, and tablets. There are 3 prongs to approaching this problem.

1. User Education:  User education often gets short shrift as people look for a technology magic bullet but teaching people what they should and should not do is actually a key component of your security strategy.  Don't assume your users know for example the risks of public wifi hotspots. Speaking of which we highly recommend you talk to your IT Support company or department about purchasing aircards or data tethering plans on their mobile devices for your users so they do not have to use public wifi hotspots. And of course don't forget general security awareness training on how to avoid getting infected or scammed.  Train users and repeat the messages with notifications, emails, messages on your intranet, etc. so it is top of mind.

2. Policies: You can get as formal as you want here but the point is you have to decide as a company what you will allow people to do and not do. For example many companies require that any smartphones with company information such as email on them must have a passcode or thumbprint ID. Another common policy is restricting the use of file-sharing applications to whatever the corporate standard tool is, so people are not allowed to use personal file sharing services like iCloud or Dropbox. I will publish a longer post on file-sharing apps later but I will tell you that 2 of the ways we like to share data are A) a company SharePoint intranet or B) Egnyte - which is a Dropbox-like application but with much more robust management designed for businesses, not consumers.

3. Technology: MDM (Mobile Device Management) is the category of software that you will be looking at to manage all these devices securely and efficiently. Some of the leading vendors are AirWatch, MobileIron, MaaS360, and Good Technology. These solutions let you deploy standardized profiles to devices remotely. So you can outfit your sales force with tablets and/or smart phones with a consistent set of apps, custom wallpaper, Wifi networks preprogrammed in, security policies (e.g. passcode required) predefined, etc. And these profiles are sent to the devices wirelessly so you can deploy and update the configurations remotely without user intervention. In addition to the convenience of being able to deploy standardized profiles to tablets, phones, and laptops you also have fine-grained control over the security settings of each device and, perhaps most importantly, the ability to remotely wipe or disable a device. If the device is company-owned then you can remotely wipe and manage the entire device. If the device is owned by the employee, the MDM software sets up a separate area on the device for company-related apps and data so that it does not intermingle with the employee's personal information in any way. When the employee leaves you can remotely wipe just the company information and not touch their personal information.

If you are deploying devices to a field force then an MDM solution is a must. But even if you do not have a field sales force, you can be sure you have employees who have company information on their phone, laptop, or tablet. So an MDM solution still makes sense.

We'll publish blog posts that delve into MDM in more detail later. In the meantime if you have questions about MDM or just want help in supporting your mobile workforce in general call GizmoFish at 866-MY-GIZMO (866-694-4966) ext. 1, or simply click on the button below.


Tags: IT support, Mobility, MDM, security

Pharmaceutical IT: auditing 3rd party vendors

Posted by Daryl Rinaldi on Tue, May 26, 2015 @ 05:40 PM

The FDA has requirements for Pharmaceutical IT and QA departments about validating 3rd party vendors, particularly GxP vendors. But even for 3rd party vendors that do not require full validation it is a pharmaceutical IT best practice to thoroughly vet 3rd party technology/service vendors.

For 3rd parties that do not require formal validation the factors that determine how intensively you should investigate them are:

  1. How much will your organization depend on the availability of this service or data? How long could you function without it if it were offline? If this is a critical service whose unavailability would majorly disrupt your operations, you must understand the level of quality and robustness of their technology architecture, their support infrastructure, their processes and change control procedures, their security against malware and hackers, and their backup and disaster recovery systems and processes. I will provide a blog post providing more detail on what types of questions to ask and what to look for.
  2. How sensitive is the data they will house? Is it public information? Is it material non-public information subject to Sarbanes Oxley and/or SEC regulation? Is it HIPAA data? Or is it just highly confidential information that you would not want to get out? The more confidential this information is the more you have to investigate their security technology and processes. If the data is subject to specific regulations such as HIPAA then you have to additionally check for compliance. You should also contractually require compliance.
  3. How irreplaceable is the data they will house? Is this just a copy of data you have elsewhere? Is the data easily reconstructable from other sources? Or is this the only copy that exists? The more irreplaceable the data is the more dependent on their backup and disaster recovery system and processes you are. I'll post another blog specifically on how to evaluate a vendor's backup and disaster recovery in detail.

It is common for IT firms and departments to focus on evaluating technical risk and I will indeed post a more in-depth blog post on that soon. But you also need to consider business and legal risk. What if this vendor goes out of business? What if a law enforcement body seizes the servers that your data resides on? Any time you outsource technology you are taking some business/legal risk -- you can't avoid that. But there are steps you can take to minimize the risk. There are certain contractual clauses you should insist upon. I will provide a blog post specifically on dealing with financial and legal risks in the future.

Lastly remember that this is not a 1-time thing.  You have to periodically go back and recheck the vendor.  Are they still backing up your data using the same technology with the same processes?  If they do annual tests of their Business Continuity System how did the most recent test go?  Did they meet their objectives? Have they had any breaches or have any audits uncovered any problems?  Their finances may have been great when you first talked to them but are they still doing well financially years later?

There is a lot to think about when vetting a 3rd party vendor.  This is a big topic so I will provide several follow-on blog posts that will delve into these topics deeper.  Stay tuned!

In the meantime if you need IT help in evaluating a 3rd party vendor, or in creating a 3rd party vendor evaluation process, please call GizmoFish at 866-MY-GIZMO (866-694-4966) or just click on the button below.

Tags: IT support, Pharmaceutical IT

5 things to consider before choosing the cloud for your data storage.

Posted by Daryl Rinaldi on Mon, Mar 31, 2014 @ 10:52 AM

The cloud, the cloud, the cloud! It seems like that is all we hear about these days. And here I am writing yet another post about it! Well fortunately this post will help you make a specific decision about whether to use the cloud in your business rather than just being yet another thought-piece about the cloud as a general phenomenon. We advise our Boston area IT Support customers all the time on this decision. We talk them through these exact issues to come up with the best answer for their particular situation.

By the way one use of the cloud is what is referred to as Software-as-a-Service or SaaS.  These are software applications that you access over the web via a web browser rather than install on your computer.  We'll talk about that in a later post. This post will specifically discuss using the cloud as the file storage repository for your business.

Here are the considerations:

1. Cost: You no longer have to spend thousands of dollars to purchase, install, and maintain a server to store your data locally. Refer to my earlier posts (part 1 and part 2) detailing the costs involved in having a server. Nowadays you can purchase a NAS (Network Attached Storage) device instead of a server. This is an external hard drive that plugs into your network. A 1 Terabyte NAS (more space than most small businesses will ever need) can be purchased for under $150. And you can set it up yourself with a few clicks. So that makes storing your data locally very inexpensive. But with any local onsite storage option you must have offsite backup. In the event of a fire or some other disaster you need a copy of your data safe in another location. Often the cost of online backup is similar to the cost of cloud storage (they are both forms of cloud storage after all). So if you are paying to back up your files to the cloud it makes sense to ask (from a cost perspective) whether you should just store them there in the first place.

Most cloud storage services give you some amount of free storage (usually in the 5 to 15GB range), however a typical small business will pretty quickly exceed the free tier and start paying a monthly per Gigabyte fee.  100 GB is probably sufficient for most small businesses and generally speaking you can get that much for anywhere from $2 to $10/month.   So unless you are a larger business with either a lot of users or a lot of data, cloud storage is very inexpensive.

2. Remote Access: With any of the cloud storage services your data is accessible over the internet from anywhere - even on the beach like this young lady (although taking your computer to the beach may not be a wise decision). You can also access it from your phone or tablet. With a local storage system you have to arrange remote access. There are a variety of ways to achieve this and you can do it for little or no cost. But none of them are as convenient as the cloud storage option.

3. Security: With cloud storage the protection of your data is in the hands of the cloud storage provider. Some of these providers have had security breaches (for example, the Dropbox breach). So you have to decide if you feel more comfortable keeping your data inside the 4 walls of your office or letting it reside on some server somewhere managed by someone else. By the way, since your data is easily accessible over the web from any web browser, do yourself a favor and use a good password. See my post on choosing a "good" password.

4. Disaster protection: If you store your data locally and do an online backup you are well protected against a disaster. You have at least 2 geographically separate copies of your data. Cloud storage providers all have offsite backups so that they can recover your data in the event something happens to their main data center. But again the question is if you are comfortable relying on THEIR disaster recovery instead of your own. And while most people focus on physical or technical disasters, you should at least consider legal or financial disasters. What would happen if the cloud storage vendor you use suddenly went out of business? How would you get your data back? The chances of this happening to a major cloud storage vendor are admittedly very slim. But think about this horror story - "Box.com let someone delete all my files." Does that make you shudder? Or do you take comfort from the fact that A) this kind of event is exceedingly rare and B) in the end the reporter got back all their files and the company changed their processes to ensure this doesn't happen again (they say)?

5. The NSA: Prior to Edward Snowden's revelations this would not have been a consideration. But if it bothers you that the government can probably read anything you store online that may be a consideration for you.

If you would like advice on the best data storage option for your business call GizmoFish at 866-MY-GIZMO (866-694-4966).

Tags: Cloud, security

IT Support Tip: What to do after Windows XP

Posted by Daryl Rinaldi on Thu, Mar 20, 2014 @ 07:09 PM


Windows XP and Office 2003 support officially ends April 8, 2014.  That means no more new updates for either product and you can not call Microsoft for support.    So what should you do?  GizmoFish provides IT support to lots of Boston-area companies and we have helped all of them make this decision.  Here are the options we have talked through with them:

  1. Keep using your Windows XP computers.  Not recommended.  It will get less and less secure as time goes on and fewer and fewer applications and hardware devices will work with it.
  2. Upgrade to Windows 7.  Windows 7 is an excellent operating system that works well and is similar enough to Windows XP so that your learning curve will not be that steep.  But note you probably cannot (or should not) try to upgrade your actual Windows XP PC to Windows 7.  The hardware probably won't support it or if it does it will probably be dog-slow.  You should buy a new Windows 7 PC.
  3. Upgrade to a Windows 8 PC. Windows 8 is dramatically different than Windows XP. There is a steep learning curve. Besides which a lot of people do not like the new Windows 8 interface. So unless you have seen Windows 8 and really like it I would not recommend migrating to Windows 8.
  4. Switch to a thin client. A thin client is for example Terminal Server (AKA Remote Desktop). This means all your programs run on a server somewhere and your local PC just connects to it. This is only really an option if A) your company already has the infrastructure in place to support it, or B) you are tech-savvy enough to be able to set yourself up on one of the cloud desktop companies. The pros and cons of doing this need to be thought through and I will devote an entire blog post to it later. If you did switch to a thin client you could continue to use your XP machine and just use it as a kind of "dumb terminal." As long as you are only using it as your thin client and not surfing the web, getting email, etc. directly on it (but are getting them on your "virtual desktop" instead) then the security issues with XP won't affect you.
  5. Switch to a Mac. Lots of people like Macs of course. The big issue here is you have to buy all new software. Whereas programs written for Windows XP will almost always work on Windows 7, they will NOT work on the Mac. So you have to buy all new software as well as a new machine. And of course there will be a learning curve for switching to the Mac. This is a big move. If however you use all or almost all cloud applications that makes this move much easier, and everything runs the same in the cloud from a Mac or a PC.
  6. Forget about PCs or Macs, go to a tablet like an iPad or Android tablet. Here I am referring to true tablets like iPads, not hybrid tablets like the Microsoft Surface Pro 2 that have keyboards. Tablets are super convenient and certainly have the "cool" factor. However the big knock against tablets is that they are great for consuming content but not good for creating content. Try creating and editing a spreadsheet on a tablet. So for most professionals having only a tablet is not really an option.

So there you have it. Purchasing a new Windows 7 PC is probably the easiest and most straightforward approach. But if you are willing to make some changes and undergo a learning curve now could be the time to make the leap to a new way of working.

GizmoFish can help your Boston-area business with IT strategy and making the proper IT decisions. Call GizmoFish at 866-MY-GIZMO (866-694-4966) today.

Tags: IT support, Windows 7, security, Microsoft Office, Windows 8, Windows XP

IT Support Tip: Watch out for the fake Adobe Flash player scam

Posted by Daryl Rinaldi on Mon, Mar 17, 2014 @ 02:21 PM

Yesterday while browsing the web I got a pop-up telling me that my Adobe Flash player was out of date and I was taken to a page to download the latest Flash player.

[Image: Flash spoof]

It looks reasonably official at first glance but closer inspection reveals this to be a fake trying to get me to download some bogus piece of software.

I am an experienced IT Support technician who advises many Boston area companies about IT Security and yet I was almost fooled by this. I was about to click install before something stopped me. Had I been in a hurry or just distracted it would have been very easy to install this malware on my computer. And, thinking it legitimate, I may have ignored any warnings from my AntiVirus software.

The bad guys continue to try to find new ways to trick you. You don't need to be paranoid but a healthy caution is appropriate. Be especially wary whenever a website wants you to download something. That is the #2 way that PCs get infected. (The #1 way is through email attachments - another post will address that threat.) We provide IT support to many Boston area companies and every single PC and server we manage A) has up-to-date antivirus software and B) is kept up to date with all the latest security patches. But even with that we still need our customers to exercise caution. No antivirus software is foolproof and if a user is determined to install what they think is legitimate software they will often ignore warnings from their AntiVirus software.

Happy web surfing!

Warning - Shameless self promotion ahead: If you want your business protected against malware and "bad guys" call GizmoFish at 866-MY-GIZMO (866-694-4966) today.


Tags: IT support, security

Getting the Most from your IT Support Company

Posted by Daryl Rinaldi on Mon, Oct 14, 2013 @ 09:00 AM

We've been providing IT Support to greater Boston area businesses for a long time now and one thing that we've learned is that end users can help us resolve their problem more quickly just by following a few simple steps. This short video will tell you how to get the most out of your IT Support company. You can help them to help you. It's a "win-win"!

If your IT Support company is not providing the level of support you need please call GizmoFish at 866-MY-GIZMO (866-496-6944), or just click on the button below.


Tags: IT support

IT Support Tip: Yahoo Mail changes - beware the scam artists

Posted by Daryl Rinaldi on Wed, Oct 09, 2013 @ 08:42 AM

Although none of the greater Boston area businesses we provide IT support for use Yahoo Mail, we have heard from friends and colleagues about the new Yahoo Mail interface that was released yesterday. While over time users may see this as an improvement, some are dismayed by the changes. And of course the scam artists are ready to pounce. We have spoken to users who googled "yahoo mail changes" and were led to sites that asked them to call for technical help in changing it back. Then when they called, the technician logged into their computer and told them they had thousands of infections and needed to pay them $200 to remove them. They also helpfully explained why taking their computer to Best Buy to get it fixed rather than paying them to do it wasn't a good idea.

So first of all don't think something is wrong with your PC because of this change. It is intentional by Yahoo. And don't call anyone other than a trusted IT advisor to help you with this. I have included a link below that tells you how to get most of the changes back to the way they were before. Click here for a step by step article showing you how. Good luck.

Click on the button below to get helpful Business Tech Tips like this delivered right to your inbox no more than once per month.


Tags: IT support, security

IT Support Tip: Here is what to keep and what to discard.

Posted by Daryl Rinaldi on Thu, Oct 03, 2013 @ 10:00 AM


When you get a new computer you usually get a bunch of disks and some paperwork, not to mention a box with some packing materials (oh yea and the computer itself).  Our Boston area IT Support customers often ask us what they need to keep and what they can discard.  Well I am here to tell you.

  1. System Disks: KEEP. These disks say System Disk, or will say the name of the actual operating system like Windows 7 Professional for example. They are very useful for certain maintenance tasks like repairing the operating system in the event of certain failures. Of course if you are like me you may sometimes - despite best intentions - lose something like a set of CDs or forget where you kept them. So for our customers we always copy the entire CD to a location on the server or whatever data storage location they have. That way even if you lose the CDs you can burn a new one from the image you copied. If there is a product key with the operating system write that down in a text file and keep it in the same directory in which you have the image of the system disks. If you have to reinstall the operating system you will need this product key to activate it.
  2. Application Installation Disks: KEEP. Most applications come preinstalled or by download nowadays. So you may not even get an installation CD. But if you do, the same advice applies as with System Disks above. You can download the installers for most any application you need nowadays so it is not a crisis if you lose the disks. But to download the installer may require a call to tech support. So save yourself the time and hassle by keeping and copying the disks. SPECIAL NOTE: Some disk holders have the all important license number, product key, or serial number (different vendors use different terminology) on them. You definitely want to hang on to that and copy that information down somewhere you won't lose it. Most software companies have a way to retrieve that for you but not all do and besides it requires a call to tech support. So again save yourself the time and effort.
  3. Driver Disks: KEEP. The "drivers" are pieces of software that are specific to your PC that help Microsoft Windows talk to the specific hardware that is in your PC. Keep and copy these just like System Disks. You can download pretty much any drivers you need nowadays so it is not a crisis if you lose the disks. But it is a convenience having the disk handy.
  4. Paperwork - manuals, safety notices, etc.: DISCARD. You will rarely if ever need these and they are always available online.
  5. The box and packing materials: KEEP - for 2 weeks. If you are going to have to return the equipment for some reason you will usually know within the 1st 2 weeks. They may not require you to use the original packing but it sure makes it easier if you have to ship it back. After a few weeks you can discard it. At that point it will more likely be repaired at your site than sent back for replacement or refund.

Hope you found this helpful and informative. If you would like more helpful IT tips delivered directly to your inbox no more than once per month (I promise) click on the button below to sign up for GizmoFish TechTips.

Tags: IT support