Online Payment
image description

tech blogging > our corner of the web

tech blogging >

Security Awareness Training & Webinar

Monday, September 11, 2017
Join us as we welcome KnowBe4 Security Awareness who will be presenting a webinar on strengthening your human firewall on Wednesday October 18, 2017 at 2pm EST.

Human error combined with increased security threats is highlighting the need for security awareness training for every business. Keeping your employees educated on security is so important and that’s why we’ve partnered with KnowBe4, the market leader for security awareness training and simulated phishing tests.

KnowBe4 trains your entire workforce via interactive modules, and then sends out simulated phishing tests to identify the individuals who require additional training – and maintains awareness throughout your organization. Plus – this training addresses compliance requirements - whether you need to comply with PCI DSS, HIPAA, SOX or GLBS.

Invite your Security Team so that they can log-in / dial-in from their own desktops if they'd like. RSVP HERE or send an email to Kim.

Meraki Enterprise Licenses vs. Advanced Security Licenses: What’s the difference?

Wednesday, September 06, 2017
When clients purchase a Meraki MX firewall, they often wonder what the difference is between an Advanced Security license and an Enterprise license, and what they actually do for you.

As you'll see in the chart below, the Advanced Security edition is the more robust of the two, but regardless of which one you choose, it’s important to note that you must have a valid license in order for the firewall to work properly. With security and compliance top of mind, we always recommend choosing the Advanced Security edition as a company standard, however, it's good to know what options are available to you.

Please note that the MX licensing edition is uniform across the organization. For example, you can have all 25 appliances using Enterprise Edition or Advanced Security Edition, but you cannot have 20 appliances using one edition and 5 using the other edition.

Advanced Security licenses have an edge over Enterprise because they include additional features that are vital from a security standpoint, and are required for many industries who need to adhere to compliance requirements. Said features include Cisco® Advanced Malware Protection (AMP) which provides the extra level of protection you need to stop advanced threats often missed by other security layers.

Cisco Advanced Malware Protection Benefits: 


This table shows a list of major features and their required license edition:

If you have additional questions about Meraki licensing or are interested in a Meraki solution for your business, contact us today via email or 616-837-6930.

Back to School with D.A. Blodgett's Backpack & School Supply Drive

Thursday, August 31, 2017
During July and August, the team at IT Resource collected school supplies for the D.A. Blodgett Backpack & School Supply Drive. We were very excited about the turnout and we think it’s fantastic to see our staff get involved with this very special and local cause.

Summer, especially August, can be a very busy time trying to fit in last minute trips and back to school shopping for our own children. But, it’s also a great time to think of those kids that are less fortunate, those who come from unstable or unsafe environments, and ways that we can help.

D.A. Blodgett recognizes that kids need to have the proper supplies so they can be successful and confident on their first day of school and throughout the entire year. This drive helps over 500 kids in the Grand Rapids area who are currently living in residential care, foster homes, shelter care, or whose families are in need of assistance. Each child will receive a new backpack filled with school supplies, helping them be comfortable and confident when they go back to school.

D.A. Blodgett has many ways individuals and businesses can support their local communities. From volunteering to fund drives, there’s a way for you to get involved, any time of the year! For more information on ways you can give, visit their website.

Building Healthy Kids and Strong Communities

Monday, August 07, 2017

Playgrounds bring families together and we've experienced firsthand, the positive effect they have on our town. We're especially partial to our friend Carter Oosterhouse for the work he's doing, not only in our local communities, but all over the country. 
This beautiful playground was built at the Grand Haven State Park, just minutes from our corporate office.

Carter's Kids builds playgrounds, healthy kids, and awesome community gathering spaces. This non-profit organization is dedicated to creating and promoting awareness of fitness and self-esteem for kids by building and developing community parks and playgrounds. The kids then have the opportunity to take an active part by using, sharing, and caring for these public spaces.

Another great Carter's Kids creations in Traverse City, MI

This playground was a great addition to the Holland, MI area. 

For the past three years we've sponsored and played in the Carter's Kids Charity Golf Outing, held at the LochenHeath Golf Club in Traverse City, MI. Not only is this event a blast to attend, but we love the cause. Seeing our donations go directly back into our local communities and benefitting kids makes this such a rewarding experience.

We sponsored a hole at the 2017 outing

A few times a year we make it a priority to take our IT hats off and do something good for those around us. It's a great feeling to be able to give back, especially when it involves doing something special for kids. As expected, this year's outing was great. We can't wait to see what lucky community is next on the list for a fantastic new playground. 

Gary and Leo are pictured with Carter Oosterhouse

We love getting out and helping in our local communities. Learn more about how we helped a large scale west Michigan car show by assisting in the setup of a small wireless network and providing internet and database access to a series of iPads. 

Creating a Cost Effective IT Strategy :: Top 3 IT Services You Need

Tuesday, August 01, 2017
Implementing a cost effective IT strategy will benefit your business in countless ways. For starters, it gives your employees the productivity tools they need to be successful, keeps employees educated on IT security, and keeps your business protected against security threats - inside and outside your network. The big question is, where do you begin? We've taken the guesswork out of it by laying out the services you need to build a foundation that supports your critical business applications.

What are the “must have” IT services?

SECURITY PROTECTION: You need protection from outside and inside sources to keep all devices safe. Email phishing and wire fraud are real threats that can be very costly; and ransomware is the leading risk for data loss and corruption. To avoid these headaches, executing an appropriate security solution is key.
1. Educate your staff – train employees on how to detect threats and phishing emails, use strong passwords, and always secure devices with a PIN
2. Purchase a cloud-managed firewall with integrated threat prevention
3. Use a layered security solution that protects all devices
4. Encrypt your drives and keep your systems up to date
5. Ensure your solution is actively monitored with reporting options that show your current security risk level
Pro tip when purchasing a security solution:

Always buy software that is user-based versus device-based. A user-based license can be used on multiple devices so that your employees are protected on every device they use.

DATA BACKUPS: Part of a great security policy is an even better data backup policy. Don’t keep your most valuable asset – your data – in one location. Implement a cloud-based backup and disaster recovery service that will provide in-house data backup and restore capabilities. It’s also important to confirm your backup solution is being actively monitored and you receive easy-to-understand status reports. Always regularly test your backups.
A properly configured backup solution should always:
1. Protect against accidental deletion, system failure, and Ransomware
2. Allow your business to keep running in the event of a loss
3. Encrypt the backups to prevent data theft
4. Follow or exceed the 3-2-1 rule - have at least 3 copies of your data, 2 of which are local and on different mediums and 1 copy that is stored offsite
Pro tip when purchasing a backup solution:
Tell your IT provider: “I want a backup solution that protects all my systems and data, regardless of where they are”. Also, make sure that you establish how often you want your data backed up and that the backup solution is compatible with your in-house infrastructure.

EMAIL SOLUTION: Everyone uses email but what about security and collaboration? Employees are working from everywhere and teams still need to come together to get stuff done. Your e-mail solution must allow you to securely communicate with your staff and customers from any device at any time.
1. Use a cloud-based email solution for the highest security, most features, and most cost savings. Moving from in-house email to Office 365 saves up to 90% in admin and maintenance costs.
2. Take advantage of the collaboration capabilities for both internal communications and with your customers – instant messaging, document sharing, video, instant meetings, etc.
3. You don’t have to do it by yourself – work with a certified Cloud Partner for ease of administration and maintenance.
Pro tip when choosing an email service:
Make sure it has built in security, encryption, secure access from any device, multifactor authentication, the ability to set policies to control access to files, and user based pricing so that you can have the service on multiple devices.

If you have any questions, are looking for additional information, or would like to discuss your IT strategy, please reach out to our sales team or give us a call at 616.837.6930. We’re happy to be a resource to your business.

Meet Our New Director of Sales & Marketing

Wednesday, July 05, 2017
Please join us in welcoming our new Director of Sales and Marketing, Matthew Sullivan. Matthew brings with him a wealth of knowledge in the areas of leadership, sales, and marketing due to his past experiences in a variety of industries including automotive and workforce development. He also owned his own leadership and management development company for several years and has been teaching leadership skills to middle school students for twelve years.


While leading and mentoring people fuels his professional side, it's music and sports that support Matthew's creative side. Since he can't actually play a lick of music he has spent his time volunteering at a local radio station for the past 13 years. He's also coached youth baseball for over ten years and his teams have brought home a few Little League District 9 championships and one state championship. 

Despite having lived all over the country, including stints in Colorado, Idaho, and the Northeast, Matthew decided long ago that Michigan was the place he wanted to call home. He and his wife of 29 years have enjoyed raising their three children here and have recently become empty nesters.

"I’m really excited to be a part of the IT Resource team – and I’m humbled by the commitment and passion everyone at our company has for their profession and their customers," said Matthew. "I look at IT from the end-user’s perspective. Technology is supposed to make it easier for people to be productive, so when we push the “on” button we just want the technology to work. I feel like our team gets that idea and I'm looking forward to leaving my mark here."

Please help us welcome Matthew to the IT Resource team!

Security Awareness Webinar :: Sign Up Today

Tuesday, May 23, 2017
With all the recent news about ransomware and phishing attacks – keeping security awareness top of mind among your employees is more important now than ever before. Every single business could benefit from some additional security training and that's why we're hosting an upcoming webinar on security awareness training.
 
You’ll want to join this session if you..
- Want to avoid ransomware and phishing threats
- Need to be PCI DSS, HIPAA, SOX or GLBS compliant
- Don’t have existing security awareness training

You'll learn about the capabilities of KnowBe4’s security awareness training and why it’s so important for every business to have. The webinar will include a demo so you can see for yourself how streamlined and easy security training can be! 
 
KnowBe4-Security Awareness Webinar
Wednesday, June 28th
2:00 PM  |  Eastern Daylight Time |  1 hr
 
Register online here or email your RSVP to Kim.

*All webinar attendees will receive a FREE KnowBe4 t-shirt!
 
Feel free to forward this post to others on your team so they can log-in / dial-in from their own desktops if they'd like.

Don’t want to worry about RansomWare - Build a better backup strategy

Thursday, May 18, 2017
By Andrew Smith, Director of Technical Services

In light of the recent ransomware attack, the Internet has become as unsafe as it can be. Imagine walking down a dark alley with hundred dollar bills pasted to your clothes wondering if you would get mugged. That is how many people feel right now, and it is deserved.

Last week over 300,000 computers were held for “ransom” as they were locked by malicious activity. Obviously there are a variety of layers you should address to be safe, but in the end if you want peace of mind you should look at your backup strategy right now, this minute, no waiting.

A world map shows where computers were infected by WannaCrypt ransomware since Sunday, May 14, 2017 (as recorded by MalwareTech.com.) MalwareTech.com/Screenshot by NPR

Of course there are antivirus solutions out there, and those may work. There are a variety of network appliances that will help you avoid issues, and of course training is the biggest area most people should focus on and don’t. The reality is, someday, somehow there may be something that gets through and a backup may be your only solution. There are plenty of solutions out there, but you have to remember two things as you are navigating the world of backups. RPO and RTO.

RPO or Recovery Point Objective is simply, how much data are you willing to lose?
RTO or Recovery Time Objective is simply, how long are you willing to be down?

It seems like an easy question but as both numbers go down, cost goes up. That’s not all. If you think copying files somewhere is a backup, you're mistaken. You need a real solution, something that does not overwrite past backups. Why?

It seems we have had a few customers copying their files to the cloud, let’s say Cube for the sake of argument. They were copying because they had access to Cube, and when they were locked, guess what, Cube was locked as well. The net result is no backups.

At IT Resource we can help you find a way to back up your files using quality solutions like Datto, Veeam, and Zerto. Our skilled Solution Architects will find a price and a level of safety that is right for you and will allow you to meet your objectives. Our goal is to have customers that know things will work, because we are helping them. If, by chance, you don’t go with us, find someone who will help you be safe in this currently uncertain world and have the best backups possible to ensure your business will be here tomorrow, and the day after that. Give us a call at 616.837.6930 to get started.

IT Obstacles :: When Should You Update Your Systems?

Tuesday, May 16, 2017
By Andrew Smith, Director of Technical Services

How many aspects of your life fall into the category of “If it ain’t broke, don’t fix it”? In technology, this can be detrimental to our business and personal lives if we don't pay close attention to the risks associated with taking such a stance. Attempting to utilize outdated technology can be a money saver on the surface, but more often, it's a money trap waiting happen.

Years ago, I was working on a series of systems, determining use and necessary upgrades for each. I came across several old ones that were in use and identified one, an AS400 that was over 15 years old. The system was critical to about 400 individuals, and each person that I talked with promptly told me two things: They could not work without the system, and it was ok because they paid support for that system. These folks were adamant that we could not touch that system because “It was special”, “It could not be down”, and “They had support so we didn't need to worry about it.”

As my team reviewed the AS400, I sat down with the system owner and we called the vendor. They had been paying an excessive amount of money each year for support and I asked the vendor a simple question. “If the system goes down with a hardware failure, will you guarantee it will be repaired?” There was a pause, and then the answer came back. “Our SLA is, we will have a technician on site within 4 hours.” I smiled, waited, and asked the question differently, “Can you guarantee you will be able to bring the system back online”, and the answer came back again, “Our SLA is, we will have a technician on site within 4 hours.” We had some additional discussions but after the call I looked at the system owner, a non-technical person in charge of a major area, and asked if they understood what had just happened. They were very thoughtful and simply said, “I think we need to look at some additional options.”

We replaced that system with a newer box and worked towards the replacement of the software. By utilizing virtual techniques we moved the system to a more resilient platform, ensuring it would be online as necessary, and that the solution would not be a tech onsite within 4 hours, but instead, a system supporting 400 workers that would be online even in the event of a disaster.

So why was this a good decision? It's easy. First, if the entity had gone down for even one hour, the 400 workers affected would cost an excessive dollar amount.. Even if these were jobs at $10 an hour, which they were not, that's $4000 an hour. Second, if the data had been lost, there wouldn't have been alternate operating systems or hardware to bring the system back online and the cost of losing the data could be immeasurable. Third, the system itself, being out of date for so long, had numerous security issues and could easily have been compromised. This alone can destroy both the credibility of a business and finances with minimal opportunity for recovery. Fourth, the system itself was impacting users and becoming less usable, causing employees to find a workaround to do their job - costing the company even more money. 

So how does this matter to small and large businesses alike? Well, as the age of a system goes up, we add risk and potential points of failure, including replacement issues. The bigger the system with more moving parts, the more likely it is to run into issues.

A simple approach can be:
Hardware Age + Operating System Age + Risk + User Impact + Financial Impact - Disaster Recovery Resilience < 10

As hardware ages it requires updates and possibly replacement parts. As the parts become less available, the risk to the system increases. If you virtualize you should consider the virtual strategy to be part of the same equation, but in the case of the system, your hardware age is always 1 as the virtual system then becomes the necessary upgrade.

We often forget the operating system which can be the foundation for doing work at all. As its age goes up it will develop more security risks. If it's not being supported anymore, you are at major risk and need to find a solution.

In this case let's consider risk as regulatory (like HIPAA) or agency risk, with a rating from 0-5 where five is the greatest risk and zero is no risk at all.

User impact and financial impact are subjective but let's rate the impact from 0-3 where 0 is no impact at all, and 3 is high impact.

Disaster resilience can subtract from your score by creating situations where you can be back online quickly. This can be achieved through programs that minimize downtime. Using a virtual machine and a solution like Datto can get you back online quickly even in the event of a total loss, creating lower overall risk.

If you use the equation provided and come up with a number greater than 10, it's definitely time to start talking to an IT professional. If we take the example we had previously, we get these numbers: 15+16+5+3+3-1=42  Every increment beyond 10 should have been a red flag. 

It's also important to pay attention to what vendors are saying. Obviously, there is no guarantee on any system but when you're not given an ETA or an escalation path in case of an outage, you're skirting with downtime and potential costs associated with such.

Remember, if a system is not critical, will cost no time, will not be missed, has no critical or useful data on it, and can be gone forever with no impact on you or your business, then maybe it's ok to keep an antiquated system. I'm sure there are some exceptions as well, where a piece of software would cost a lot to upgrade and the upgrade is avoided, but in the end you really need to consider the risk involved. 

If you have questions on operating systems and recovery processes, I'm always here to help. Feel free to call our office at 616.837.6930 and we can talk about how to get your business running as efficiently as possible.

The Future of Banking + Technology :: Perry School of Banking

Monday, May 15, 2017
"Business drives technology towards the future and not vice versa!"

That was the message sent at this year's Perry School of Banking presentation by our Director of Technical Services, Andrew Smith. Andrew welcomed a classroom full of banking professionals and together they collaborated and explored a number of topics relating banking to the world of technology.

The Michigan Bankers Association is the force behind the Perry Schools of Banking, which they have designed to provide people with the specific skills needed to manage the functional areas of banking, as well as develop the ability to problem solve, work in teams and make decisions in a managerial setting.

While we work with customers in many different industries, banking and finance are two areas that we are especially versed in. We welcome questions from small, locally owned credit unions all the way up to large financial institutions. If you would like to see Andrew's full presentation, it is available for download by clicking here. If you have any questions on the best IT solutions for your business, give us a call at 616.837.6930.