Online Payment
image description

tech blogging > our corner of the web

tech blogging >

Creating a Cost Effective IT Strategy :: Top 3 IT Services You Need

Tuesday, August 01, 2017
Implementing a cost effective IT strategy will benefit your business in countless ways. For starters, it gives your employees the productivity tools they need to be successful, keeps employees educated on IT security, and keeps your business protected against security threats - inside and outside your network. The big question is, where do you begin? We've taken the guesswork out of it by laying out the services you need to build a foundation that supports your critical business applications.

What are the “must have” IT services?

SECURITY PROTECTION: You need protection from outside and inside sources to keep all devices safe. Email phishing and wire fraud are real threats that can be very costly; and ransomware is the leading risk for data loss and corruption. To avoid these headaches, executing an appropriate security solution is key.
1. Educate your staff – train employees on how to detect threats and phishing emails, use strong passwords, and always secure devices with a PIN
2. Purchase a cloud-managed firewall with integrated threat prevention
3. Use a layered security solution that protects all devices
4. Encrypt your drives and keep your systems up to date
5. Ensure your solution is actively monitored with reporting options that show your current security risk level
Pro tip when purchasing a security solution:

Always buy software that is user-based versus device-based. A user-based license can be used on multiple devices so that your employees are protected on every device they use.

DATA BACKUPS: Part of a great security policy is an even better data backup policy. Don’t keep your most valuable asset – your data – in one location. Implement a cloud-based backup and disaster recovery service that will provide in-house data backup and restore capabilities. It’s also important to confirm your backup solution is being actively monitored and you receive easy-to-understand status reports. Always regularly test your backups.
A properly configured backup solution should always:
1. Protect against accidental deletion, system failure, and Ransomware
2. Allow your business to keep running in the event of a loss
3. Encrypt the backups to prevent data theft
4. Follow or exceed the 3-2-1 rule - have at least 3 copies of your data, 2 of which are local and on different mediums and 1 copy that is stored offsite
Pro tip when purchasing a backup solution:
Tell your IT provider: “I want a backup solution that protects all my systems and data, regardless of where they are”. Also, make sure that you establish how often you want your data backed up and that the backup solution is compatible with your in-house infrastructure.

EMAIL SOLUTION: Everyone uses email but what about security and collaboration? Employees are working from everywhere and teams still need to come together to get stuff done. Your e-mail solution must allow you to securely communicate with your staff and customers from any device at any time.
1. Use a cloud-based email solution for the highest security, most features, and most cost savings. Moving from in-house email to Office 365 saves up to 90% in admin and maintenance costs.
2. Take advantage of the collaboration capabilities for both internal communications and with your customers – instant messaging, document sharing, video, instant meetings, etc.
3. You don’t have to do it by yourself – work with a certified Cloud Partner for ease of administration and maintenance.
Pro tip when choosing an email service:
Make sure it has built in security, encryption, secure access from any device, multifactor authentication, the ability to set policies to control access to files, and user based pricing so that you can have the service on multiple devices.

If you have any questions, are looking for additional information, or would like to discuss your IT strategy, please reach out to our sales team or give us a call at 616.837.6930. We’re happy to be a resource to your business.

Don’t want to worry about RansomWare - Build a better backup strategy

Thursday, May 18, 2017
By Andrew Smith, Director of Technical Services

In light of the recent ransomware attack, the Internet has become as unsafe as it can be. Imagine walking down a dark alley with hundred dollar bills pasted to your clothes wondering if you would get mugged. That is how many people feel right now, and it is deserved.

Last week over 300,000 computers were held for “ransom” as they were locked by malicious activity. Obviously there are a variety of layers you should address to be safe, but in the end if you want peace of mind you should look at your backup strategy right now, this minute, no waiting.

A world map shows where computers were infected by WannaCrypt ransomware since Sunday, May 14, 2017 (as recorded by by NPR

Of course there are antivirus solutions out there, and those may work. There are a variety of network appliances that will help you avoid issues, and of course training is the biggest area most people should focus on and don’t. The reality is, someday, somehow there may be something that gets through and a backup may be your only solution. There are plenty of solutions out there, but you have to remember two things as you are navigating the world of backups. RPO and RTO.

RPO or Recovery Point Objective is simply, how much data are you willing to lose?
RTO or Recovery Time Objective is simply, how long are you willing to be down?

It seems like an easy question but as both numbers go down, cost goes up. That’s not all. If you think copying files somewhere is a backup, you're mistaken. You need a real solution, something that does not overwrite past backups. Why?

It seems we have had a few customers copying their files to the cloud, let’s say Cube for the sake of argument. They were copying because they had access to Cube, and when they were locked, guess what, Cube was locked as well. The net result is no backups.

At IT Resource we can help you find a way to back up your files using quality solutions like Datto, Veeam, and Zerto. Our skilled Solution Architects will find a price and a level of safety that is right for you and will allow you to meet your objectives. Our goal is to have customers that know things will work, because we are helping them. If, by chance, you don’t go with us, find someone who will help you be safe in this currently uncertain world and have the best backups possible to ensure your business will be here tomorrow, and the day after that. Give us a call at 616.837.6930 to get started.

IT Obstacles :: When Should You Update Your Systems?

Tuesday, May 16, 2017
By Andrew Smith, Director of Technical Services

How many aspects of your life fall into the category of “If it ain’t broke, don’t fix it”? In technology, this can be detrimental to our business and personal lives if we don't pay close attention to the risks associated with taking such a stance. Attempting to utilize outdated technology can be a money saver on the surface, but more often, it's a money trap waiting happen.

Years ago, I was working on a series of systems, determining use and necessary upgrades for each. I came across several old ones that were in use and identified one, an AS400 that was over 15 years old. The system was critical to about 400 individuals, and each person that I talked with promptly told me two things: They could not work without the system, and it was ok because they paid support for that system. These folks were adamant that we could not touch that system because “It was special”, “It could not be down”, and “They had support so we didn't need to worry about it.”

As my team reviewed the AS400, I sat down with the system owner and we called the vendor. They had been paying an excessive amount of money each year for support and I asked the vendor a simple question. “If the system goes down with a hardware failure, will you guarantee it will be repaired?” There was a pause, and then the answer came back. “Our SLA is, we will have a technician on site within 4 hours.” I smiled, waited, and asked the question differently, “Can you guarantee you will be able to bring the system back online”, and the answer came back again, “Our SLA is, we will have a technician on site within 4 hours.” We had some additional discussions but after the call I looked at the system owner, a non-technical person in charge of a major area, and asked if they understood what had just happened. They were very thoughtful and simply said, “I think we need to look at some additional options.”

We replaced that system with a newer box and worked towards the replacement of the software. By utilizing virtual techniques we moved the system to a more resilient platform, ensuring it would be online as necessary, and that the solution would not be a tech onsite within 4 hours, but instead, a system supporting 400 workers that would be online even in the event of a disaster.

So why was this a good decision? It's easy. First, if the entity had gone down for even one hour, the 400 workers affected would cost an excessive dollar amount.. Even if these were jobs at $10 an hour, which they were not, that's $4000 an hour. Second, if the data had been lost, there wouldn't have been alternate operating systems or hardware to bring the system back online and the cost of losing the data could be immeasurable. Third, the system itself, being out of date for so long, had numerous security issues and could easily have been compromised. This alone can destroy both the credibility of a business and finances with minimal opportunity for recovery. Fourth, the system itself was impacting users and becoming less usable, causing employees to find a workaround to do their job - costing the company even more money. 

So how does this matter to small and large businesses alike? Well, as the age of a system goes up, we add risk and potential points of failure, including replacement issues. The bigger the system with more moving parts, the more likely it is to run into issues.

A simple approach can be:
Hardware Age + Operating System Age + Risk + User Impact + Financial Impact - Disaster Recovery Resilience < 10

As hardware ages it requires updates and possibly replacement parts. As the parts become less available, the risk to the system increases. If you virtualize you should consider the virtual strategy to be part of the same equation, but in the case of the system, your hardware age is always 1 as the virtual system then becomes the necessary upgrade.

We often forget the operating system which can be the foundation for doing work at all. As its age goes up it will develop more security risks. If it's not being supported anymore, you are at major risk and need to find a solution.

In this case let's consider risk as regulatory (like HIPAA) or agency risk, with a rating from 0-5 where five is the greatest risk and zero is no risk at all.

User impact and financial impact are subjective but let's rate the impact from 0-3 where 0 is no impact at all, and 3 is high impact.

Disaster resilience can subtract from your score by creating situations where you can be back online quickly. This can be achieved through programs that minimize downtime. Using a virtual machine and a solution like Datto can get you back online quickly even in the event of a total loss, creating lower overall risk.

If you use the equation provided and come up with a number greater than 10, it's definitely time to start talking to an IT professional. If we take the example we had previously, we get these numbers: 15+16+5+3+3-1=42  Every increment beyond 10 should have been a red flag. 

It's also important to pay attention to what vendors are saying. Obviously, there is no guarantee on any system but when you're not given an ETA or an escalation path in case of an outage, you're skirting with downtime and potential costs associated with such.

Remember, if a system is not critical, will cost no time, will not be missed, has no critical or useful data on it, and can be gone forever with no impact on you or your business, then maybe it's ok to keep an antiquated system. I'm sure there are some exceptions as well, where a piece of software would cost a lot to upgrade and the upgrade is avoided, but in the end you really need to consider the risk involved. 

If you have questions on operating systems and recovery processes, I'm always here to help. Feel free to call our office at 616.837.6930 and we can talk about how to get your business running as efficiently as possible.

Experience Uninterrupted Service During a Data Center Outage

Monday, May 08, 2017
Data centers are not immune to outages, it can happen at any time. When it does, how do you get your business up and running quickly with minimal data loss?

With Zerto's award-winning disaster recovery and business continuity software, you can restore any virtualized IT infrastructure in minutes with just the click of a mouse while keeping data loss to seconds - not hours or days. You also have the option to protect your data on-premise or in the cloud – meeting your specific business requirements.

If your current business continuity / data recovery strategy isn’t meeting your SLA requirements and causes disruptions in your environment, give us a call and let us show you how Zerto solutions can be of added value to your organization while meeting SLAs! We can discuss your current IT infrastructure and tailor a solution that will work seamlessly in your business.

If you’re attending the Michigan Bankers Associations’ Annual Convention in Mackinac Island next month, keep an eye out for IT Resource and Zerto! We are exhibiting at this event and would love to talk about your organization's BC/DR strategy. Learn more here.

Small & Medium Business (SMB) Technology Solutions

Thursday, February 02, 2017

If you own a small or medium sized business you still need technology solutions that can take on your competition, and give your business the edge it needs to drive growth – all without breaking your IT budget. Our experience with highly technical, large enterprise solutions, combined with our dedication to the SMB marketplace allow us to offer enterprise-level results at a cost that even the smallest business can afford. Our SMB solutions provide customers with necessary business operations like unified communications, e-mail & messaging, virtualization, and backup solutions at a fraction of the cost of enterprise systems. Just because you are classified as a small or medium business doesn’t mean you can’t have enterprise capabilities.

Business owners often wear many hats, and as a result you may be trying to handle the technology portion of things yourself. We understand that you need the proper solutions in place without breaking the bank, and that's where we come in. Let's talk about how we can begin saving you time and money.

5 IT Problems to Avoid in 2017

Tuesday, December 20, 2016
Data breaches, loss of information, and internet hacks happen, and it's usually a matter of when, not if. But, a lot of IT problems and emergencies stem from events that could have been easily avoided. Having the right tools, training, and resources available to your entire organization is key. Read our 5 most common mistakes that often lead to much larger problems.

Here are 5 common mistakes that often lead to much larger problems
1. Failing to back up your files
Regular backups keep your documents, files, databases, e-mail, images, etc. protected in the event of a system failure. There’s so many different ways you can lose data - from hard drive failure to physical damage, to viruses and theft. To avoid lost data, make sure your organization has a backup solution that protects critical data and functions. Using the 3-2-1 backup rule is a great place to start. This means always having at least 3 copies of your data, 2 of which are local and on different mediums and 1 copy that is stored offsite.

2. Not using secure passwords

As a business owner or decision maker in your organization, you should consider implementing a password policy. While users might find it a hassle, it's far less inconvenient than dealing with a network security or data breach. Simple first steps include resetting all your passwords periodically. The longer you keep the same password; the more time an attacker has to access it. When was the last time you changed your passwords? Learn more about password security here.

3. Lack of a BYOD policy

A BYOD policy protects your organization’s network when employees access it on their personal devices. When you allow your staff to work on their personal devices, including phones, tablets, and laptops, it’s important to make sure that each device is password protected. Also, ensuring there is an automatic lock code or timeout function and using Mobile Device Management technology is very important. There’s no one size fits all approach when it comes to BYOD policies and that’s why it’s important to work with a professional to design a policy and security plan that will meet the security standards of the company and still give workers the flexibility they need.

4. Not protecting yourself from internet threats
A Cloud based security platform is your first line of defense against malicious destinations on the internet, blocking malware, phishing, and other threats. Cloud security platforms provide powerful, effective security that can deploy in minutes. It’s important to have Cloud based internet security because it can block threats before they even reach your users. It’s a very easy and inexpensive way to protect your users and it adds one more layer of protection.

5. Not knowing who to call
Many companies are lucky enough to have IT staff, but sometimes problems can arise that require additional resources and knowledge. That’s where we come in; we can act as your IT department, an extension of your IT department, or as needed. We’re here to be a resource to your organization and to make sure your systems are running as efficient as possible so you can get back to what’s important – your business.

If you have any questions, are looking for additional information, or would like to discuss your security plan for 2017, please reach out to our sales team or give us a call at 616.837.6930.

Cybersecurity Best Practices Business Series

Thursday, September 29, 2016
Protect yourself and your business through diligent practices and continued education. ChoiceOne Bank is hosting a three part informational series, presented by IT Resource, to help you learn to protect your business, employees and identity through cybersecurity best practices. Whether you and your employees participate in one class or all three topics, our goal is help you feel to prepared, protected and proactive.

Wednesday, October 5, 5-6pm OR Thursday, October 6, 7:30-8:30am, RSVP below
In today's connected society, access to your information from anywhere at any time has become a necessity - whether from inside your office, remotely while out of the office or from a mobile device. The necessity of having your data available from anywhere increases the risks to your data geometrically and being proactive in protecting it has become more important than ever. In this 45-minute presentation we will cover how to ensure your entire network is properly shielded from threats both inside and outside.
We will cover:
  · How layering your security provides maximum protection
  · What the latest firewalls provide and how they can protect you
  · How Active Monitoring can prevent and detect intrusions and threats as they occur
  · How to easily protect yourself and devices whether inside or outside the office
  · Why Virtual Private Network (VPN) strategies are still important
  · Wireless strategies that secure and protect your information
Presented in common terms, we will help you understand the security threats that we all face and several high-level strategies to combat them in an ever changing, fully "networked" world.

Thursday, November 3, 7:30-8:30am, RSVP below
Everyone seems to focus on technology to solve security risks, but how do you protect that technology from both inside and outside threats? How do you protect your desktop or notebook? Your email? Your business or personal data? In this 30-minute presentation we will focus on the common sense processes to safeguard your workplace from intrusion, loss, and other problems that will keep you from working in an efficient manner. Topics to be covered include:
  · Passwords
  · Email security
  · Mobile security
  · Social engineering
  · General physical security
Presented in common terms, we will help you understand the risks and provide a high-level guide to preparing your workspace to be safe, secure, and protected at all times.

Wednesday, December 7, 5-6pm OR Thursday, December 8, 7:30-8:30am, RSVP below
No one ever wants to be involved in a security event or have their data compromised, lost or destroyed. These events are disruptive to your business, can harm your company reputation and could have devastating financial costs. As much as we invest in the strategies of protecting and securing our information, we must also plan and be prepared for what to do if a security event occurs.
In this 45-minute presentation we will show how to prepare for the unpredictable, and with some simple tools, how to maintain your business functions and recover as quickly as possible. Topics to be covered include:
  · Strategies for business continuity planning
  · Strategies for backup and recovery
  · Ensuring your data is in a safe place
  · Dynamics of cloud computing
  · Communication do's and don'ts in the event of a breach or data compromise
Presented in common terms, our objective will be to ensure you understand that security events are a reality and you should be prepared to address common items quickly if such an event happens.

Each of these series takes place at ChoiceOne Bank, 450 W. Muskegon, Kent City. To register for any of these events, click here and indicate which date you will be attending.

A Layered Security Approach to Keep Your Credentials Safe

Tuesday, July 12, 2016

Two-factor authentication, commonly abbreviated as 2FA, is a security verification process that requires an extra piece of information in addition to your username and password. Information security breaches are becoming more common, on both the business and personal side, making heightened security measures a necessity. 2FA helps ensure that you are the only one who can access your account or mobile device – even if someone might have your password. For example, if your account uses 2FA you may be asked to enter your username and password, and then you'll be sent a text message with a verification code. You'll need to enter that verification code before you're able to access your account. If a hacker were to obtain your account password, 2FA adds an additional level of security by sending a unique verification code to your phone. Without that code, the hacker hits a roadblock.

The required extra piece of information is called an identifier. The three different types of identifiers used in authentication are:
  • Something you know – password, pin number, pattern, etc.
  • Something you have – security token, FOB, SMS, bank card, access/key card, etc.
  • Something you are – fingerprint, retina, voice recognition, etc.

2FA requires the user to provide two out of three identifiers and it can be implemented with very little effort across a variety of applications. It’s similar to multi-factor authentication, which is when the user must provide a variety of identifiers – usually involving a unique characteristic to their existence – think biometrics. Multi-factor can also include both 2FA and non-2FA credentials.
Some commonly used 2FA’s are:
  • pattern + security token
  • pin number + bank card
  • password + SMS
  • fingerprint + pin number

Unfortunately, hackers and cyber-attacks are only going to become more prevalent which means users need to take a proactive approach against information threats. Additionally, the growing number of connected devices and business applications that are used every day is making users more susceptible to mobile threats. Using 2FA is effective in preventing security threats because there’s a greater chance that the hacker will not have both identifiers to access information.

Will using 2FA protect you against every information security threat? No. But, it will drastically lessen your chances of being hacked and it’s certainly preferred over not using any type of two-factor or multi-factor authentication. Using your password alone is just not enough - the days of irrationally thinking “my password won’t get comprised” or “my security approach is good enough” are gone. Hackers are not only going after large corporations, they can also be at the heart of a small business or even an individual, which can lead to irreversible consequences and damage. Not to mention, a significant amount of time and resources wasted.

You may have been exposed to the Two Factor Authentication concept when setting up your new Apple or Android device. Here are some quick links for enabling 2FA on your mobile device:
2-step verification on Android
2-step verification for Apple

If you have questions about information security or mobile security, don't hesitate to contact us. We offer a varying level of managed security packages that cover your entire network, all the way down to just your email or software. There are also options for anti-virus and malware protection, as well as disaster recovery, should an information security breach take place. 

Visit Us At The Michigan Bankers Association Annual Convention

Friday, May 27, 2016
IT Resource will be attending and exhibiting at the Michigan Bankers Association (MBA) 130th Annual Convention June 21-24, 2016. This event is held at the Grand Hotel in Mackinac Island and it’s a celebration of the MBA’s history where they acknowledge the industry's leadership, including naming the MBA banker of the year. This year's theme, "Facing Forward" has never been more appropriate. The convention will look into the bright future with thought-provoking topics, insightful take-aways and ideas, and networking to forge meaningful relations in this great industry. We hope to see many familiar faces as it will be dynamic and a great time to network with peers, discover new opportunities and enjoy all the perks of Mackinac Island.

We'll also be joined by our business partner, Zerto, provider of enterprise-class disaster recovery (DR) and business continuity (BC) software specifically for virtualized data centers and cloud environments. With BC/DR being top of mind for many banks, our teams will be ready to answer questions and share our knowledge with you.

We hope to see you there and if you’re interested in attending, registration is still open

Disaster Recovery and Business Continuity with Zerto

Thursday, May 05, 2016
We’re delighted to announce that we’ve partnered with Zerto, provider of enterprise-class disaster recovery and business continuity software specifically for virtualized data centers and cloud environments. Data recovery isn’t just nice to have – it’s a must for any modern organization – and picking the right data recovery solution is just as important.

With Zerto's award-winning BC/DR software, you can protect your data on premise or in the cloud, removing the need for your DR site all together. You can restore any virtualized IT infrastructure in minutes with just the click of a mouse while keeping data loss to seconds - not hours or days. It’s pretty cool stuff and we’re excited to sell, integrate and support these proven BC/DR solutions.

If you’re ready to take your cloud strategy to the next level, give us a call and let us show you how Zerto solutions can be of added value across your organization! We can discuss your current IT infrastructure and tailor a solution that will work seamlessly in your business.