Online Payment
image description

tech blogging > our corner of the web

tech blogging >

Cars, Rock & Roll, and a Little Technology

Tuesday, August 16, 2016
This month marked the 26th annual Del Shannon Car show. Held in Coopersville, MI, Del Shannon's hometown, the show is a highlight of summer for many car enthusiasts. IT Resource was proud not only to be a sponsor but to once again provide volunteer services to ensure the show went smoothly. We assisted in the setup of a small wireless network and provided internet and database access to a series of iPads being used to register the cars in the show. This allowed for successful tracking and accounting, which is crucial, given there are upwards of 600 cars in the show each year.

Our team members, including IT specialists Greg Lundeberg and Leo Reap, deployed, set up, and configured a Meraki wireless solution for the show. Their services went above and beyond, including Greg being at the show at 4:00 am when the first cars started rolling in. Any time we can use our expertise and experience to help benefit our local community is time well spent.

The winner of the IT Resource trophy at last year's event

In spite of the morning's poor weather the group of volunteers did a great job moving cars through and getting them placed for judging in a timely manner. This is thanks in part to the technology measures that were put in place and to the car show’s effective planning. Hats off to everyone involved, including Greg. You all did a great job pulling everything together and the show was a huge success!

Benefits of SIP Trunking

Monday, August 08, 2016
When it comes to technology, you want to know the bottom line: How does this help my business and when will I see a return on my investment? Businesses today require more than simple independent phone and data lines to work efficiently and stay connected to your ever-growing mobile workforces. This is where SIP Trunking comes in. 

SIP Trunking is a scalable and flexible solution that allows you to streamline your communication costs and resources. SIP Trunking can be thought of as the virtual equivalent to T1 lines coming in from the phone company. Instead of calls coming through on a standard phone line connected by jacks and cables at your desk, they come through on your computer or mobile device.

Benefits of SIP Trunking
- No overlapping networks, reducing costs: You no longer need both a data and telephone voice network. With SIP trunking, one IP-based network provides multiple streaming capabilities.
- All calls are local: Reduce long distance (and some international) costs because calls are local with SIP trunking.
- Reduced telephony and upgrade costs: You don't need to purchase hardware or upgrade your service when you move from one E1/T1 to two. Instead, you simply increase your Internet bandwidth. No more hardware purchases, installation and maintenance costs.
- Eliminate 800 numbers: Local numbers can now be provided, no matter where your business is located.
- E911 Support for remote phones: Extend your savings across your entire enterprise with local E911 and local number portability.

We've teamed up with nexVortex, whose offices are located throughout the US (including one right in Grand Rapids), to provide the best solutions for your voice services. SIP Trunking offers the added functionality to make calls anywhere in the world, including toll free numbers, 911/E911 calls, and its portability makes it an ideal solution for all of your voice, data, and IP needs. If you have any questions on how you can begin saving valuable business resources with SIP Trunking, contact us today.

Carter's Kids Golf Event in Traverse City

Sunday, August 07, 2016
Gary and Gayla represented IT Resource well when they tee'd off at the 6th Annual Carter’s Kids Golf Event with Carter Oosterhouse. You might recognize Carter from TLC's Trading Spaces and multiple shows on HGTV and the DIY network.

Carter Oosterhouse is from Traverse City, MI so each year he and his wife, actress Amy Smart, return to his hometown to host this special event. We've been a long-time sponsor of the event because it's always so fun, but more importantly, it represents a great cause. All proceeds benefit Carter's Kids Playgrounds.

Carter’s Kids is a non-profit organization dedicated to creating and promoting awareness of fitness and self-esteem for America’s youth. Their purpose is to increase the activity level of kids by building and developing community parks and playgrounds in their neighborhoods. The kids then have the opportunity to take an active part in building up their community by using, sharing, and caring for these public spaces.

Thanks Carter, for creating these special places for kids in our communities. We're happy to participate in such a wonderful event.

Network Engineer: Todd Hekkema

Friday, August 05, 2016

People profiles give you a chance to meet our staff - the folks you may deal with on a regular basis here at IT Resource.

Official Title: Network Engineer

What do you do at IT Resource, and what certifications do you have: I provide day-to-day and project support to our customers who range from small to enterprise level companies.

How long have you worked at ITR? Since 2005

Tell us something your colleagues don't know about you. I’m pretty open, I think they know everything.

What's the most interesting job you've ever had that was not IT related?
Zen Garden Landscaper

What was the last book you read?
A Purpose Driven Life

What's one thing you can't live without?

If you could meet one famous person, dead or alive, who would it be?
Babe Ruth, get a couple of signed balls, buy some stuff.

What's your favorite movie of all time?
So I Married an Axe Murderer

What's the best place you've ever travelled to?

What do you consider to be your greatest success or proudest moment in life so far?
My kids!

What's the best piece of advice you've ever received?
“Whatever you do, do well.”

When you were younger, what did you want to be when you grew up?
Sports Trainer

Ransomware :: By the Numbers

Thursday, August 04, 2016
"It won't happen to me."

Famous last words by the business person who assumed hackers only targeted the big business, the little guys, or basically anyone other than them. Some businesses simply don't take the time to deal with proper security measures and others just aren't aware that their current protection isn't sufficient. The thing is, ransomware is growing fast, can be devastating, and shows no boundaries - everyone is fair game.

With technology ever-changing and hackers getting more sophisticated it's more important now than ever before for businesses to implement a layered security defense. You might think that cybercriminals are mostly targeting enterprises, but according to a report by Keeper Security and the Ponemon Institute, 50% of small businesses have been breached in the past 12 months.

Hackers often use ransomware, a type of malware, which takes control of a computer and then encrypts all the data on it, rendering it inaccessible. Cisco reported that 9,515 people end up paying ransoms each month. The average ransom is $300 and hackers could make $34 million a year on ransomware attacks. To read more about Cisco’s cybersecurity report, check out this recent article published in Fortune, "5 Takeaways From Cisco's Big Cybersecurity Report".

The numbers don't lie
Having worked with a variety of security products and software, we found that a crucial layer in the security approach is OpenDNS. It not only blocks malware, botnets and phishing over any port, protocol or app, but also detects and contains advanced attacks before they can cause damage. You can predict and prevent attacks before they happen, regardless of whether your employees are on or off the network.

To put it into perspective, we ran a report of our existing customers who currently have OpenDNS and we’re pretty proud of these numbers. In the last 7 days, for our customers with OpenDNS, there have been:
• 9.8 million queries
• 9 thousand malicious items blocked
• 2 thousand instances of malware prevented
• 3 of those instances contained botnets

The threats are out there and the impact that security attacks have made on businesses everywhere has been significant. Choosing the proper security measures for your business should be an easy decision - don't allow yourself to be vulnerable another day. If you have any questions regarding OpenDNS, security measures for your business, or would like a quote, get in touch.

HIPAA Risk Assessments :: A Necessary Evil

Wednesday, August 03, 2016
Are you one of the 700,000 organizations required by law to conduct a HIPAA Risk Assessment? This includes hospitals, dental offices, nursing homes, and correctional facilities, just to name a few. These HIPAA assessments can be a daunting task and can drain company resources quickly. But, they really are a necessary evil because avoiding a HIPAA security breach requires you to recognize your specific security vulnerabilities and take strategic steps to mitigate those risks. A comprehensive Compliance Risk Analysis, conducted by an IT firm, will ensure that you’re compliant with HIPAA’s administrative, physical and technical defenses - allowing you to feel at ease, knowing your business is taken care of.

Leave the heavy lifting to us so you can focus on your business!
Our Compliance Risk Analysis gives you a complete set of HIPAA documents including: HIPAA Policy and Procedures, HIPAA Risk Analysis, HIPAA Management Plan, Evidence of HIPAA Compliance and all associated supporting documentation. If you don’t perform a thorough risk analysis, you don’t know where your vulnerabilities lie and you can’t adequately mitigate your risk.  

The three phases of our Compliance Risk Analysis:

Phase 1 - Data Collection: This includes a client site interview where one of our engineers will review your environment, document and check on a wide range of security policies. The initial data collection also includes an on-site survey, installation of a non-invasive HIPAA scanner on each PC in the office and an external vulnerability scan.

Phase 2 - Secondary Data Collection:
This will include completing three worksheets – a User Identification Worksheet, a Computer Identification Worksheet, and a Share Identification Worksheet. The data from these worksheets will be cross-correlated with the data collected from the first phase to ensure there are no anomalies.

Phase 3 - Presentation of Final Documents:
At the conclusion of the analysis, we will provide all of the primary and secondary documents that are required under the law. This includes:
HIPAA Policy and Procedures – This report shows what your organization will do while the procedures detail how you will do it. This translates into your new way of doing business and becomes part of your company manual for all employees.
HIPAA Risk Analysis - This report identifies the locations of electronic Protected Health Information (ePHI), vulnerabilities to the security of the data, threats that might act on the vulnerabilities, and estimates both the likelihood and the impact of a threat acting on a vulnerability.
HIPAA Management Plan - Based on the findings in the risk analysis, a risk management plan is provided with specific tasks required to minimize, avoid, or respond to risks.
Evidence of HIPAA Compliance – Because documents must be kept for six years, the evidence of compliance report includes log-in files, patch analysis, user & computer information, and other source material to support your compliance activities.

Our Compliance Risk Analysis is one of the best defenses you can have to protect yourself from a costly violation of the HIPAA Security Rule. Not to mention the stiff fines that are often levied on those who fail to take pro-active measures to prevent them. Just last month, a health care services organization failed to do a risk analysis and the Office of Civil Rights, which oversees HIPAA, fined the organization $650,000. Read the full story here.

If you want to learn more about our analysis, including pricing and samples of the required HIPAA documents that we provide, please call 616.837.6930 or email us.

Small Business, Big Threat :: Are You Protected?

Wednesday, July 13, 2016
How protected is your small business?

When the Small Business Development Center (SBDC) asked us to assist in developing a program that would help small businesses recognize the potential of a security threat, we were on board. All businesses from coffee shops to small manufacturing facilities can be targeted by hackers and the end result is often devastating.

We worked closely with the SBDC, located at Grand Valley State University in the Grand Rapids area, to develop a quiz designed to easily show you how protected your small business is.
Take the free Small Business, Big Threat Cyber Security quiz now!

The program also offers great resources with downloadable action plans on various security topics, including:
  - Cyber Security Best Practices
  - What To Do if Your Business is the Victim of a Data or Security Breach
  - Best Practices for Securing Mobile Devices

Don't fall victim to a malicious hacker. Take the quiz today to see how at-risk your business is.

A Layered Security Approach to Keep Your Credentials Safe

Tuesday, July 12, 2016

Two-factor authentication, commonly abbreviated as 2FA, is a security verification process that requires an extra piece of information in addition to your username and password. Information security breaches are becoming more common, on both the business and personal side, making heightened security measures a necessity. 2FA helps ensure that you are the only one who can access your account or mobile device – even if someone might have your password. For example, if your account uses 2FA you may be asked to enter your username and password, and then you'll be sent a text message with a verification code. You'll need to enter that verification code before you're able to access your account. If a hacker were to obtain your account password, 2FA adds an additional level of security by sending a unique verification code to your phone. Without that code, the hacker hits a roadblock.

The required extra piece of information is called an identifier. The three different types of identifiers used in authentication are:
  • Something you know – password, pin number, pattern, etc.
  • Something you have – security token, FOB, SMS, bank card, access/key card, etc.
  • Something you are – fingerprint, retina, voice recognition, etc.

2FA requires the user to provide two out of three identifiers and it can be implemented with very little effort across a variety of applications. It’s similar to multi-factor authentication, which is when the user must provide a variety of identifiers – usually involving a unique characteristic to their existence – think biometrics. Multi-factor can also include both 2FA and non-2FA credentials.
Some commonly used 2FA’s are:
  • pattern + security token
  • pin number + bank card
  • password + SMS
  • fingerprint + pin number

Unfortunately, hackers and cyber-attacks are only going to become more prevalent which means users need to take a proactive approach against information threats. Additionally, the growing number of connected devices and business applications that are used every day is making users more susceptible to mobile threats. Using 2FA is effective in preventing security threats because there’s a greater chance that the hacker will not have both identifiers to access information.

Will using 2FA protect you against every information security threat? No. But, it will drastically lessen your chances of being hacked and it’s certainly preferred over not using any type of two-factor or multi-factor authentication. Using your password alone is just not enough - the days of irrationally thinking “my password won’t get comprised” or “my security approach is good enough” are gone. Hackers are not only going after large corporations, they can also be at the heart of a small business or even an individual, which can lead to irreversible consequences and damage. Not to mention, a significant amount of time and resources wasted.

You may have been exposed to the Two Factor Authentication concept when setting up your new Apple or Android device. Here are some quick links for enabling 2FA on your mobile device:
2-step verification on Android
2-step verification for Apple

If you have questions about information security or mobile security, don't hesitate to contact us. We offer a varying level of managed security packages that cover your entire network, all the way down to just your email or software. There are also options for anti-virus and malware protection, as well as disaster recovery, should an information security breach take place. 

Microsoft Offers Technology Deals for Schools, Libraries, Museums, and More

Friday, July 08, 2016
If there's any business or institution that deserves a break on technology costs, it's a school. Vital for education, schools, museums, and libraries can take advantage of free products and services, academic licensing and special offers. All you need is a Microsoft Authorized Education Partner to take you there.

As a Microsoft Education Partner we can purchase and resell academic licensing to qualified educational users at a discounted price. Academic volume licensing is available to all qualified educational institutions including public libraries and museums, administrative offices, and boards of education.

Benefits of purchasing a Microsoft Open Value Subscription for Education Solutions (OVS-ES):
· Easy compliance – count your employees once per year and you’re covered
· Customized Solutions – add products either institution-wide, department-wide, or for individual devices
· Simplified Asset Management – track and manage your software assets with self-service tools
· Low Administration – subscription licensing eliminates the need to track licenses
· Lower Total Cost of Ownership – maximize your investment with access to current technology, student licensing, Software Assurance, and more
· Cloud on Your Terms – Free access to Microsoft Office 365 Education

When working with a Microsoft Education Partner, you know you're buying products and solutions from academic IT specialists. If you’re a qualified educational user, give us a call today at 616.837.6930. We can provide a flexible and affordable solution that fits your organization's size and purchasing preference.

Educational offers typically include deals on Office 365 and Windows 10. To find out what's currently being offered to qualifying educational institutions, visit Microsoft's special offers page.

Is Your Email Vulnerable?

Friday, July 01, 2016
Email Security & Vulnerability
Your employees send hundreds of emails each day. While it seems easy and harmless to click the send button, they may not realize the risk to both them and your business. Thanks to our active media and their interest in computer breaches, we are now far more aware of the risk. Everyone in your business needs to understand both the challenge and the risks of using email and how to solve it—without interrupting your business.

When evaluating the need for email, mobile and network security, we can no longer turn a blind eye. Balancing corporate responsibility with the statistical odds that your valuable customers and partners might discover your company has had an email breach can be a drain on both you and your organization.

More is at stake than just your organization’s reputation. According to the Ponemon Institute’s annual “Cost of a Data Breach” report, the average cost of responding to and resolving a corporate data breach is $3.5 million or more. This cost does not reflect civil liabilities or the revenue loss from alarmed customers. The cost also does not account for regulatory involvement and any litigation or fines that may be associated with a security breach.

Protecting Email and Your Organization
Encryption makes email text and attachments indecipherable to unauthorized individuals. If an unauthorized individual intercepts an encrypted email or an archived message, they will not be able to read it. Email encryption can be easy. Many technology advancements have made encrypted email as simple to use as regular email. These advancements include:
• Automatic Scanning of Employee Emails
• Convenient Delivery to Recipients
• A Smooth Mobile Security Experience

One Solution

Zix Email Encryption is an all-inclusive email security solution, from key management, to secure delivery in the easiest manner possible for your recipients. Zix offers industry-leading email encryption, a unique email Data Loss Prevention (DLP) solution, and an innovative email Bring Your Own Device (BYOD) solution to meet your company's data protection and compliance needs.

Zix and IT Resource are partnered to assist you in addressing any email security, network security, or mobile security concerns you have. To learn, contact us at 616-837-6930.

This content was featured in the MICPA CPE Guide – For Today’s CPA in Business & Industry, September – October 2016