Mode:         
Posts

iPhone Tech Tip: Managing Do Not Disturb In iOS

The latest update for iOS 8 for the iPhone and iPad brings a host of new notification features.  While helpful at times can this also be be just a lot of noise or intrusive at the wrong times of the day.  There are two easy ways to control alerts, phone calls and messages.  

iOS 8In the Settings > Notifications you can configure how you are alerted. In Settings > Do Not Disturb can manage the time of those email alerts, text messages and even incoming phone calls.  So if you don't want notifications from 11 pm until 6 am you can set those times as desired.  Importantly, the Do Not Disturb settings provide you the option to override this and receive calls from select groups.  If you still wanted to hear from certain family members or peers during those down times the calls will still ring through. 

To manually active the Do Not Disturb settings during a meeting simply swipe up from the bottom of the screen to launch Control Center. Tap on the crescent moon icon in the top row to activate Do Not Disturb. You will just need to turn off this setting when you are ready to resume your normal notifications.  

Finally, you will know when you have Do Not Disturb activated with a small crescent moon icon across the top status bar on your iPhone and iPad.

Ease Technologies is uniquely qualified to support all your Windows, Apple and iOS devices.  Contacts us today to learn more how we can help you make the most of your mobile devices and technology at (301) 854-0010. 
    

5 Things to Consider When Planning Your Data Backup Process

Your organization's value depends on its data. A catastrophic loss of data will cripple your company, often beyond the point of recovery. For this reason, data backup plans are essential, even for startups. Save time and money by doing it right from the start instead of waiting until after the disaster. Every company needs to have their own plan that considers not only speed of recovery, but redundancy for business continuity. Many backup plans include local recovery and remote offsite options. 

Here are five things to consider when planning your data backup process.

1. Choose the Right Medium

You can store data almost anywhere, especially when you don't have much to back up. However, the storage medium you choose determines how quickly you can go from a server crash, and lost data, to being productive again. The best storage medium allows you to store large amounts of data, but also makes recovery quick.

For instance, DVDs may be convenient and inexpensive, but they'll prove to be rather difficult to manage once you have terabytes of storage to maintain. Hard drives might make sense in such a situation, especially if you are looking for redundancy in your backup solution.  Cloud backup offers an offsite option and is important part of the planning. 

What is best really comes down to your own specific needs.

2. Test Your Backups

How do you know your backups aren't corrupted? One common unforeseen failure in data backup plans is corrupted files, found only once a catastrophic failure has occurred. You simply don't know the integrity of your backups unless you test them.

The frequency of when you test your backups ultimately depends on the value of your specific data. It is recommended that you periodically check to make sure that your backups work as expected and restore properly. This process will not only ensure the integrity of your backups, but also provides a regular check that the backups are occurring at the specified interval.

3. Schedule Your Backups During Off-Peak Hours

Scheduling large amounts of data transfers across your network can create all kinds of problems. First, moving terabytes of data can take hours and it will eat up your bandwidth. Backups performed during the day will affect users' productivity. They can even create issues with dropped virtual meetings, phone calls (VoIP) or data transfers. Instead of interrupting users, schedule your backups at night.

To perform scheduled backups, you'll need good software. The software must be able to identify when resources weren't properly backed up and alert you to any issues. It also must be reliable enough to back up your data regularly without interruptions.

4. Audit Your Data

Backups are easy when you have one server. But, what happens when your company expands and you have several servers and workstations to maintain? You can easily forget to include important data in your backup process. The only way to ensure that you back up all your important data is to perform an audit.

Your audit should include all the servers within your network. First, you must know where users back up data. These file servers hold important user documents. Second, you always need to back up database servers. These servers contain critical company data. Finally, any application servers must have backups. Application servers can usually have more infrequent backups since they do not change often.

5. Prioritize Security

The last thing to consider is security, but it's probably one of the most important. You can't back up all your data and leave it in a random location. Poorly secured backups leave not only a few documents open to hackers, but tons of data. Backups are frequently forgotten when securing your network, but you should have high standards for their security.

Don't skimp on your company's most prized possession. Data is your company's most critical asset. Contact us for a quick check-up on your existing data backup process to make sure you've taken everything into account.  Every company has different needs, contact us and learn how Ease Technologies can help your business with important data backup planning and implementation.  Call us today at (301) 854-0010.

    

How Hackers Steal Data and Keeping Yourself Protected

Digital security has never been more important than it has been in 2014. Cyber crimes are becoming both more prolific and more devastating.

Most recently, the world learned that Russian hackers had stolen 1.2 billion unique password and user name combinations. Shortly afterward, two US supermarkets announced they too had been hacked. Customers' credit card information was stolen from 180 stores across seven states.

security passwordsHackers have also targeted the healthcare industry. Over 200 hospitals across the US suffered from a major security breach. The criminals took 4.5 million patient records by exploiting a flaw in a system made vulnerable by the Heartbleed bug.

Heartbleed shocked the world after news of its existence broke in April 2014. It left millions of websites open to attack. Reuters estimated that the bug cost businesses tens of millions of dollars.

These examples illustrate the increasing scale of cyber criminal attacks. Recent studies confirm that these attacks affect an exponential number of people, with a related surge in the revenue acquired by criminals.

How Hackers Are Doing It?

There's no limit to the time and creativity being invested by the latest generation of cyber thieves. This has led to an ever-expanding number of tactics and exploits through which attacks may be executed. As a result, cyber thieves now have more tools at their disposal to help them steal protected information or money online.

Currently, the most newsworthy method is breaching the security of a major corporation or organization, as was the case in the examples discussed earlier. Unfortunately, there's nothing that the average person can do to protect his or her information from this type of attack.

Hackers also steal their victims' information by strong-arming their way into otherwise secure systems. These brute-force efforts crack passwords by systematically running through every password possibility. Criminals using this attack can narrow down the search using known details about the password or user. They can also speed up the process using dictionaries of common password combinations, like "abc123" or "password."

Another popular hacker trick is phishing. Phishing occurs when hackers pose as trustworthy companies to trick people into giving up their sensitive account information. Typically, the recipient receives an email or instant message urging them to enter their account information on a fake website that looks identical to the real one.

Criminals also use social engineering techniques to trick people into giving up their passwords. They know that people will sometimes accidentally reveal important information to friendly strangers. Similarly, hackers can convince people to give up their passwords by pretending to be legitimate IT specialists hired by the company.

While many of these methods seem crude, they can be very effective.

How Users Are Staying Safe?

While it seems little can be done to defend against these attacks, the first and most important step is to revisit password strategies.

In order to properly use passwords, one must understand the concept of password strength. IT professionals evaluate the durability of a password by classifying it in terms of bits. In short, the more bits a password has, the stronger it is.

Passwords with 12 case-sensitive letters have 64-bits which could take a hacker quite some time to crack. However, the use of symbols, numbers, and case-sensitive letters can substantially improve password strength. According to information security expert George Shaffer, an eight-character password of this complexity is unlikely to be cracked for two years.

A single strong password isn't enough protection, though, as it may be leaked to an attacker through social engineering or some other attack. Given the risk, the best strategy is to use a unique strong password for every account.

Password Managers

Password managers offer a convenient solution for the handling of complex passwords. These applications typically provide features for the generation and storage of passwords.  I really like 1Password, but LastPass is another very good tool.

Many password managers also provide automatic password auditing to identify weak or shared passwords. Some even issue alerts in the event that a password is compromised, providing a chance to salvage a compromised account before any damage is done.

There are few downsides to using a password manager. The most notable is the chance of the password database being stolen or compromised. However, many of these databases are stored online in encrypted form, so the benefits tend to outweigh the risks.

Multi-Factor Authentication

Standard authentication, or logging in, relies on a username and password. If an attacker obtains the password associated with a username, they can easily compromise the related account. As its name suggests, multi-factor authentication (MFA) instead relies on multiple pieces of information, providing an added degree of protection.

Typically, MFA requires two pieces of information: something you know and something you have. An example of MFA in everyday life would be authentication for ATM access. In order to access your bank account through an ATM, you need something you know (your PIN) and something you have (your card). Similarly, accessing an MFA-enabled account requires not only a password, but also interaction with something you have, such as a mobile phone or digital fob.

When available, MFA is one of the best available options for protecting an account. Banks and larger IT service providers, like Google and Microsoft, usually offer MFA, but most services do not.

Ease Technologies is an IT consulting and technology services firm that supports clients and markets seeking flexibility, creative talent and high reliability in a partner. Our expertise and current service offerings include IT Managed Services, Deployment Services, Software Development, Education Consulting, as well as  IT Staffing. Call us today at (301) 854-0010

    

What Are The Compliance Standards That Cloud Vendors Should Follow?

Cloud services are part of all our lives today on our computers and mobile devices.  Everything from music, taxes filings, mail, photographs, phone calls, server backups applications and documents can be hosted by a cloud provider.  The security and privacy practices of cloud venders should always be considered when evaluating hosted services.   Here is an overview for two of the most common security compliance standards and regulations as it relates to the cloud. 

ISO/IEC 27001:2005

ISO/IEC 27001 is one of the top security benchmarks available in the world. ISO/IEC 27001:2005 is part of the family of ISO/IEC 27001 standards and specifies requirements for the implementation of security controls customized to the needs of an organization. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and appropriate security controls that protect information assets. ISO/IEC27001:2005 formally specifies a management system that is intended to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). 

In addition, this is used by vendors to provide information on security policies,  software updates, physical security, malware protection, cyber threat protection and other privacy adoptions.  

ISO/IEC 27001 requires that management:
• Systematically examine the organization's information security risks, taking account of the threats, vulnerabilities, and impacts;
• Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
• Adopt an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis.

An ISMS may be certified compliant with ISO/IEC 27001 by a number of Accredited Registrars worldwide. Certification against any of the recognized national variants of ISO/IEC 27001 by an accredited certification body is functionally equivalent to certification against ISO/IEC 27001 itself.  A certified cloud services provided must be able to to demonstrate formulate security requirements and objectives, implementing planned measures, inspecting and modifying activities based on changing conditions to meet those objectives.

SSAE16 / SOC2 

SSAE16 / SOC2 are a series of accounting standards that measure the control of financial information for a service organization. The SOC 2 reporting focuses on a vendors non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality and privacy. SSAE16/SOC2 reporting follows the Trust Services Principles established by the American Institute of CPAs (AICPA).  SOC 2 provides a standard benchmark by which data center audit reports can be compared and the customer can be assured that the same set of criteria was used to evaluate each site. (SOC 1 is a report on the internal controls over financial reporting)

SSAE 16 Definition:  Statement on Standards for Attestation Engagements (SSAE) No. 16 is an attestation standard put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) that addresses engagements undertaken by a service auditor for reporting on controls at organizations (i.e., service organizations) that provide services to user entities, for which a service organization's controls are likely to be relevant to a user entities internal control over financial reporting (ICFR).

The Trust Service Principles which SOC 2 is based upon are modeled around four broad areas: Policies, Communications, Procedures, and Monitoring. Each of the principles have defined criteria which must be met to demonstrate adherence to the principles and produce an unqualified opinion. The engagement for SOC 2 reports must be done so in accordance with AT Section 101. 

These are two of the primary standards that most cloud vendors should follow.  Again, they provide a standard for security benchmarks and non-financial reporting. Depending on the industry they serve, cloud providers may also comply with Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), U.S.–EU Safe Harbor framework, Family Educational Rights and Privacy Act (FERPA), Gramm–Leach–Bliley Act (GLBA) and Financial Industry Regulatory Authority (FINRA). 

Finally, there are several new cloud compliance standards that are on the way of being completed and adopted. Wide acceptance and agreement from NIST, Cloud Security Alliance and IEEE are involved, but will only gain ground when the major cloud vendors join in.  More on this topic over the next few months.

Many firms are recognizing the value of cloud services.  To learn more about how cloud services can cut costs and improve your firm’s security check out the benefits of our Ease Cloud Workspace™ or call us today at (301) 854-0010.

    

Free Webinar - Apple Update 2014 for iOS 8 and OS X Yosemite

iOS 8Apple has just released iOS 8 for the iPad and iPhone.  About to be released is OS X Yosemite for the Macintosh in mid-October.  These two upgrades offer many significant enhancements with hundreds of new features. Some of these new capabilities are closely coupled between devices, which make them even more powerful.

Ease Technologies will be offering a free lunch time webinar that will cover the major highlights of these upgrades.  We will demonstrate how you can get quickly started by using key productivity, messaging, sharing and security features.  The online webinar will cover iOS 8, OS X  Yosemite and shared features between the two operating systems.

Sign up today for this free Lunch and Learn webinar!  During registration you can include questions you want to hear more about during the webinar.  

Some of the topics covered during the webinar will include:
• iOS 8 Upgrade for the iPhone and iPad
• OS X Yosemite for the Macintosh
• Messaging
• iCloud and iCloud Drive 
• Notifications and Widgets
• Security enhancements
• Handoff
• Key apps and application updates
• Apple Pay
• Numerous tips 
• Q and A

Date: November 5, 2015 
Time: 12pm- 1:pm
Location: Online Webinar
Registration: Online Here

Presenters:
Dave Kile - Vice President

Dave Kile is a co-founder of Ease Technologies and a former Apple employee
with over 25 years experience in the IT industry. He provides an invaluable expertise working with clients in all aspects of IT support.
Dave has lead teams implementing projects ranging from healthcare patient portals, the creation of public safety IT help desks to the relocation of financial trading firms. Additionally, he is actively involved providing education seminars, webinars and blogs sharing ways that businesses can improve security, productivity and reducing costs.

Matt Schmidt – Director, Managed Accounts 
Matt has been with Ease Technologies for over a decade and currently manages the Help Desk Teams at various institutions.  Matt brings a wealth of experience to his role focused primarily on technology in education, which he has successfully honed for over a dozen years.  Matt also helps lead and manage the company’s infrastructure consulting business and plays an active role in leading the firm’s Managed Services segment.  During his tenure with Ease, Matt has directed and participated in many high profile technology projects throughout the region and has successfully shared his knowledge and real world experiences assisting many key education institutions both locally and nationwide.

Don't wait and get started with latest upgrades by attending the online webinar!

    

Sign up here for monthly newsletter

Upcoming Events

Calendar Icon

Upcoming Events

Wounded Warrior iPad Training
12/18/2014 12:00 PM - 1:00 PM

Blog Archive

Archive by Years