Blog

October 9th, 2014

Security_Oct07_BIn late spring of this year news broke of the biggest security issue to date - Hearbleed. Many companies leapt to secure themselves from this, but the fallout from it is still being felt. That being said, there is a new, even bigger, security problem called Shellshock that all businesses need to now be aware of.

What exactly is Shellshock?

Shellshock is the name applied to a recently uncovered software vulnerability which could be exploited to hack and compromise untold millions of servers and machines around the world. At its heart, the Shellshock vulnerability is based on a program called Bash. This is a Unix-based command program that allows users to type actions that the computer will then execute. It can also read files called scripts that contain detailed instructions.

Bash is run in a text-based window called a shell and is the main command program used by OS X and Unix. If you have a Mac computer and want to see what Bash looks like, simply hit Command (Apple Key) + Spacebar and type in Terminal. In the text-based window that opens in Bash you can enter commands using the Bash language to get your computer to do something e.g., eject a disc, connect to a server, move a file, etc.

The problem with Bash however is that it was recently discovered that by entering a specific line of code '() { :; };)' in a command you could get a system to run any following commands. In other words, when this command is used, Bash will continue to read and execute commands that come after it. This in turn could lead to a hacker being able to gain full, yet unauthorized, access to systems without having to enter a password. If this happens, there is very little you can do about it.

Why is this such a big issue?

To be clear: Shellshock should not directly affect most Windows-based machines, instead it affects machines that use Unix and Unix-based operating systems (including OS X). So why is this so big a deal when the majority of the world uses Windows-based computers? In truth, the majority of end-users will be safe from this exploit. However, the problem lies with bigger machines like Web servers and other devices such as networking devices, and computers that have had a Bash command shell installed.

While most users have Windows-based computers, the servers that support a vast percentage of the Internet and many business systems run Unix. Combine this with the fact that many other devices like home routers, security cameras, Point of Sale systems, etc. run Unix and this is becomes a big deal.

As we stated above, hackers can gain access to systems using Bash. If for example this system happens to be a Web server where important user information is stored, and the hacker is able to use Bash to gain access and then escalate themselves to administrative status, they could steal everything. In turn this could lead to the information being released on to the Web for other hackers to purchase and subsequently use to launch other attacks - even Windows-based systems. Essentially, there are a nearly unlimited number of things a hacker can do once they have access.

If this is not dealt with, or taken seriously, we could see not only increased data breaches but also larger scale breaches. We could also see an increase in website crashes, unavailability, etc.

So what should we do?

Because Shellshock mainly affects back-end systems, there is little the majority of users can do at this time. That being said, there are many Wi-Fi routers and networks out there that do use Unix. Someone with a bit of know-how can gain access to these and execute attacks when an individual with a system using Bash tries to connect to Wi-Fi. So, it is a good idea to refrain from connecting to unsecured networks.

Also, if you haven't installed a Bash command line on your Windows-based machine your systems will probably be safe from this particular exploit. If you do have servers in your business however, or networking devices, it is worthwhile contacting us right away. The developers of Bash have released a partial fix for this problem and we can help upgrade your systems to ensure the patch has been installed properly.

This exploit, while easy to execute, will be incredibly difficult to protect systems from. That's why working with an IT partner like us can really help. Not only do we keep systems up-to-date and secure, we can also ensure that they will not be affected by issues like this. Contact us today to learn how we can help.

Published with permission from TechAdvisory.org. Source.

Topic Security
October 9th, 2014

BusinessValue_Oct07_BBusinesses, like restaurants, boutique fashion stores, and even some delivery operations have flocked to mobile payment systems largely because you don't have to invest in expensive Point of Sale equipment and can instead run it all from a device like an iPad. With the recent new mobile payment announcements and continued enhancements, it is highly likely that mobile payment solutions will see explosive growth in businesses the world over.

What exactly is mobile payment?

Most people would define mobile payment as either using your mobile device as a wallet, or using mobile devices to accept payment. Many services allow users to link credit cards to their mobile device and simply scan it over a pay terminal to have their account charged.

Companies on the other hand usually pay a set per-transaction fee in order to use the system; something along the lines of, or slightly cheaper than, most credit or debit-based payment terminals.

If you are considering switching over, here is a brief overview of the most common payment solutions.

PayPal

In late September Internet auction giant eBay announced that they will be spinning off their popular Internet payment system PayPal sometime in 2015. While many users will utilize PayPal to pay online, there is actually a mobile payment solution called PayPal Here, which is expected to grow immensely.

With Here, you get a payment solution app with a card reader that plugs into most smartphones (Android, iPhone, iPad, Android tablets) and allows you to accept multiple types of payment from anywhere you have an Internet connection. You can even track cash payments and record checks.

Vendors can use this app free of charge, however they are charged a 2.7% per swipe fee, based on the amount of the transaction.

Apple Pay

Apple Pay is Apple's recently announced mobile payment system that utilizes NFC (Near Field Communication) on the iPhone 6. Users with an iPhone 6 will be able to link their credit cards to their phone and then will hover their device near a terminal and press their thumb on the device's fingerprint reader to pay.

Your payment information (an account number linked to your card. Apple has noted that actual card numbers are not stored) is stored in the Passbook, and will be accepted at an initial 220,000 stores in the US when it launches sometime in October. There is a good chance that small to medium businesses will be able to integrate this solution into their business in the near future, so it would be a good idea to keep an eye on this.

What is interesting is that many banks have announced that they are considering accepting, or will accept Apple Pay as a method of payment. This means that businesses with an existing NFC payment terminal - which is often provided by a bank - should be able to accept payment (if the bank does of course).

Rumors have it that merchants will not be charged a transaction fee to use this service; details will be solidified when the system goes live.

Square

Square is arguably the most popular, or at least the most well known, mobile payment system. With a card reader that is compatible with most popular mobile devices (Android, iPad, iPhone) users can set up a whole Point of Sale system via the Square Stand and accept a wide variety of payments.

To use this solution, you need either the card reader (which is free) or the Square Stand (which costs around USD $99). For each transaction there is a fee that starts at 2.75% for credit and debit cards.

Amazon's Local Register

Introduced in mid August, this new card reader is aimed at both PayPal and Square solutions. As with these, there is a card reader that can be plugged into most devices (Android, iPad, iPhone) and an app that goes along with it. Businesses with the reader can then use the device to accept payment.

Where this solution differs is that the reader costs USD $10 to purchase. That being said, the USD $10 is refunded towards your first transaction fees upon signing up. The transaction fees are also quite a bit lower. For businesses that sign up before October 31, 2014, there is a flat rate of 1.75% per swipe until January 1, 2016. Any business that signs up after this date will pay a flat rate of 2.5% per transaction (based on the total transaction amount).

Google Wallet

Google Wallet is a hybrid mobile and online payment solution that allows users to add credit cards to their wallet and pay for things either online, or at stores with NFC payment terminals (also called contactless terminals).

While most users who have made a purchase on Google Play, or have used their Google Account to make a payment have used Wallet, this hasn't been the most popular of solutions when it comes to customers using it to pay in-store. The reason for this is because there are only a limited number of devices with the required NFC radio (two to be exact). This system is also currently limited to the US only. Customers around the world can use Google Wallet to pay online however.

There is a good chance that with the recent new announcements and upcoming mobile payment products, Google will be pushing this out to more devices in the near future.

There are other mobile payment system options available, so it is a good idea to contact us before you implement one. We can help you not only find a solution that works for your business, but ensure that it can be integrated into your existing systems.

Published with permission from TechAdvisory.org. Source.

October 8th, 2014

iPad_Oct07_BFor iPad 2 and newer users, you are likely already aware of the fact that iOS 8 has been released, and are probably already using it. While the new version of the popular system introduces a number of great changes and features, there has been reports that the update has led to some older devices seeing a drop in their battery life. If you think this is happening to you, it would be a good idea to find out which apps are using the most battery power.

How to see the battery power apps are using on iOS 8

One of the first things you should do when you notice that your battery is draining faster than normal is to look at how much power each app is using. This can be done by:
  1. Tapping on the Settings app.
  2. Selecting General from the menu bar on the left-hand side of the Settings app.
  3. Tapping on Usage which is located in the menu that opens in the right side of the screen. Selecting Battery Usage.
In the window that opens you will be able to see basic battery information like how long you have used the device since its last charge, and how much power has been used. While this is useful in its own right, there is also valuable information about what apps are using the most power.

This data displays apps that are using the most power first, so you can quickly see what apps are power hungry and take action. In iOS 8, a new tab was actually introduced into the Battery Usage tracker, which shows a seven day running average of the most power hungry apps.

Tapping on the tab that says Last 7 Days at the top of the screen will bring this information up. This is useful because it gives you a better view of the truly power hungry apps.

What do I do with apps that are really draining my iPad's battery?

There are a number of things you can do, including:
  • Uninstalling the app: If the app with the highest battery drain isn't overly useful, then possibly the best step to take would be to uninstall it. Another option may be to look for a similar app and give that a try to see if it fares any better on battery use.
  • Change when you use the app: Some apps, like video recording suites, bandwidth or processing-heavy apps like games, drain your battery quickly when they are running. Instead of using them while on battery power, try to use them when your iPad is plugged into a power source.
  • Limit use until the app is updated: If you are experiencing battery drain, there is a good chance that other users are as well. You can either limit the use of the app until an app update is issued, (most updates will usually fix battery issues), or try to contact the developer directly. Take a look on iTunes for the app and you should see developer contact information there.
  • Dim the display: The iPad has a great display, and many apps look good when you have the display's brightness set at its brightest. The issue with this however, is that a super-bright display will drain your battery quickly. Try turning the display brightness down as low as possible in order to slow how fast the battery is drained.
  • Limit network connections: Similar to your display, having Wi-Fi or Bluetooth radios always on will also drain your battery. If you aren't connected to Wi-Fi, or don't have any Bluetooth devices, then it is best to turn them off. The reason for this is because if they are on, they constantly look for a connection which eats up battery power.
If you are looking for more ways to decrease or manage the power drain on your iPad contact us today to see how we can help.
Published with permission from TechAdvisory.org. Source.

Topic iPad
October 8th, 2014

AndroidTablet_Oct07_BOn your Android tablet you likely have a number of messaging apps installed. One of the more common is Google Hangouts, which allows for cross-platform messaging, chatting, and even calling. In recent months, the app has been updated to not only increase usability and looks, but also implement new calling features.

Looking at the new version of Hangouts

In late September, Google launched a new version of Hangouts for Android devices. With it came a new redesign that reflects the upcoming Android L's Material Design look. When you update and launch the app you will notice that it has changed slightly, with a light green bar across the top and three to four icons:
  • A person: Tapping this will show you your connections, ranked by frequent contacts first, then alphabetical after that. Selecting a contact will open up either a new chat (if you have never messaged the person before), or will open up an ongoing chat (if you have messaged them before).
  • A speech bubble: Tapping this will open up existing chats and SMSs (if you have a SIM card for your device) listed in chronological order.
  • A plus sign: Tapping this will allow you to search for a contact to either start a new chat with, or continue chatting with.
  • A phone: This is a new connectable app called Google Hangouts Dialer (more on that below). It may not show up on some devices.
Tapping your name at the top of the bar will slide a menu in from the left with a number of options including: Invites, Archived conversations, Moods, Settings, etc. Overall, the new update makes the app look much better and even easier to navigate.

Looking at Hangouts Dialer

Since 2009, Google has offered VoIP-like calling features through an app called Google Voice. People who signed up for this could make low cost or free calls to anywhere in the US and Canada, and some other countries as well. Like most other VoIP services, they could also call internationally for low rates.

Users in the US could also pick a local number which could be used for incoming calls. When anyone dialed that number, as they would any other mobile or landline number, the call would go over the Internet or data connection. What is interesting about this is that the number was free, so anyone with an existing data connection or Wi-Fi could theoretically obtain a free phone number.

Earlier this year, rumor broke that Google was going to be getting rid of Google Voice. Instead, the company announced that they would be merging it into Google Hangouts, thereby bringing VoIP calling and Google Voice features into the already useful chat app.

In mid September, shortly after the main Hangouts update, the company introduced the Hangouts Dialer app which, when installed, essentially turns the app into a phone. For those with Google Voice accounts, you will be able to migrate your account into Hangouts and continue using the service as you ordinarily would.

Migrating Google Voice to Hangouts

This migration can be done by launching either Hangouts or Voice. You should see a box pop-up on Hangouts asking you if you want to turn on phone calling in Hangouts. If you select yes, you will need to download the Hangouts Dialer app. From here, open the Google Voice app and you should see a blue box at the top asking you if you would like to migrate to Hangouts. Pressing Turn it on! will start the migration.

Once this is complete, you can use either the Hangouts Dialer or Hangouts app to place VoIP or Google Voice calls. For those who don't have Google Voice, or who live in an area where it isn't available, you can still call other contacts using Hangout's VoIP functionality. Just open a chat, and tap on the phone icon at the top of the screen.

This feature, while currently limited to users in the US and Canada, is great for tablet users who are looking for a way to connect to the office, but don't want to shell out for both a tablet and a phone. If you would like to learn more about this app, or how Android tablets can fit into your organization, contact us today.

Published with permission from TechAdvisory.org. Source.

October 7th, 2014

Office365_Oct07_BMicrosoft Office is one of the most popular, and most installed, software suites in the world. For those looking to integrate it into their office, there are essentially two ways you can do so: Purchase Microsoft Office 2013, or Office 365. While you get Office with both of these options, there is confusion as to what the difference is between the two.

What is Microsoft Office 2013?

Microsoft Office 2013 is the latest version of Microsoft's popular Office suite. With apps like Word, PowerPoint, Excel, and more, it is mostly similar to all previous versions of Office. When you purchase this type of Office you receive a number of licenses allowing you to install this on up to five computers or devices - depending on the version (e.g., Home, Student, Professional) of Office that you get.

You can purchase these products outright, as you have done with previous versions of Office, but Microsoft is really pushing their subscription-based version of Office, what they call Office 365. When you subscribe to the Office 365 version of Microsoft 2013, you get the same software as you would if you purchased it outright, the only difference is you pay for it either monthly or yearly, instead of all at once.

What is Office 365 for business then?

Where it gets confusing for many is that in 2011 Microsoft launched a cloud-based version of Office for businesses also called Office 365. Despite the same name as the subscription-based version of Office 2013, this is a different product that is aimed at businesses.

Office 365 for businesses is a monthly (or yearly) per-user subscription service that offers businesses productivity software, enhanced communication apps like email and video conferencing; guaranteed security; and support for intranet and collaboration solution SharePoint.

With Office 365 for business, companies can sign up for a number of plans. Some of them, like Office 365 Small Business Premium and Office 365 Midsize Business, offer full versions of Office 2013 (including Word, Excel, PowerPoint, Lync, Outlook, Notes, Access, etc) that users can install on their computers or mobile devices. Other versions, like Office 365 Small Business, come with Office Web Apps which can be accessed via your browser.

Which is better for business?

Most businesses will benefit more from Office 365 because of the extra features and enhanced security. Not to mention the fact that the monthly per-user cost is usually lower when compared to licensing the same version of Office 2013 for each individual.

Some other benefits Office 365 for Business include:

  • All users are on the same version of Office: Because Office 365 for Business is based in the cloud and is managed via a central admin panel, you can ensure that all users have exactly the same version of Office, which in turn ensures that your files will be compatible.
  • Reduced licensing costs: If you were to purchase individual versions of Office 2013 for your employees, you could end up paying over USD $399 for the Professional version which can only be installed on one computer. Compare this with Office 365 Small Business Premium which costs USD $12.50 per user, per month and offers the same version of Office, along with more features.
  • Enhanced security and uptime: Microsoft guarantees that Office 365 software will be up and running 99.9% of the time, which means the programs you rely on will be available when you need them.
  • It's more mobile: With Office Web Apps and Office 2013 mobile apps you can take your work anywhere. Combine this with solutions like SharePoint which allow you to store documents in a central location, which makes it easier to access your files while out of the office. Beyond that, if you would like to use the Office mobile apps, you will need an Office 365 subscription.
If you are looking to integrate Office 365 into your organization, or would like to learn more, contact us today.
Published with permission from TechAdvisory.org. Source.

October 3rd, 2014

Genhealth_Oct02_AFor the first time ever, achieving meaningful use depends on patient behavior: Meaningful use Stage 2 requires at least 5 percent of a health-care provider's patients to be engaged in their own care— either through an electronic medical record (EMR) or an online portal.

The push for patient engagement is understandable, if data provided by the Robert Wood Johnson Foundation is accurate. According to the foundation, patients who are not engaged in their own health care can cost 21 percent more than patients who are highly engaged.

But, many health-care providers are worried about the patient engagement requirement, and for good reason: To some extent patient engagement is out of the physician’s control. But it doesn’t have to be, with good communication, both in the office and via electronic followup.

The first step is letting your patients know you have an online portal, which they may not be aware of. According to a survey from Technology Advice, a consulting firm, 40 percent of people who saw a primary-care physician within the last year didn’t even know if the physician offered a portal.

Keep in mind, however, that you may want to do more than create and communicate about a patient portal. By creating a vehicle that connects all stakeholders across the health-care continuum—patients and physicians alike—you truly elevate the patient experience.

If you are looking for help meeting these requirements, contact us today to learn how our systems and experts can support your practice.

Published with permission from TechAdvisory.org. Source.

October 2nd, 2014

Security_Sep29_BBusiness owners and managers are becoming increasingly worried about the security of their systems and networks. While the vast majority have implemented some form of security, this may not be enough. In fact, we have helped a number of businesses with flawed security measures in place. The issue is, how do you know if your security is working sufficiently? Here are five common security flaws you should be aware of.

1. Open wireless networks

Wireless networks are one of the most common ways businesses allow their employees to get online. With one main Internet line and a couple of wireless routers, you can theoretically have the whole office online. This method of connecting does save money, but there is an inherent security risk with this and that is an unsecure network.

Contrary to popular belief, simply plugging in a wireless router and creating a basic network won't mean you are secure. If you don't set a password on your routers, then anyone within range can connect. Hackers and criminal organizations are known to look for, and then target these networks. With fairly simple tools and a bit of know-how, they can start capturing data that goes in and out of the network, and even attacking the network and computers attached. In other words, unprotected networks are basically open invitations to hackers.

Therefore, you should take steps to ensure that all wireless networks in the office are secured with passwords that are not easy to guess. For example, many Internet Service Providers who install hardware when setting up networks will often just use the company's main phone number as the password to the router. This is too easy to work out, so changing to a password that is a lot more difficult to guess is makes sense.

2. Email is not secure

Admittedly, most companies who have implemented a new email system in the past couple of years will likely be fairly secure. This is especially true if they use cloud-based options, or well-known email systems like Exchange which offer enhanced security and scanning, while using modern email transition methods.

The businesses at risk are those using older systems like POP, or systems that don't encrypt passwords (what are known as 'clear passwords'). If your system doesn't encrypt information like this, anyone with the right tools and a bit of knowledge can capture login information and potentially compromise your systems and data.

If you are using older email systems, it is advisable to upgrade to newer ones, especially if they don't encrypt important information.

3. Mobile devices that aren't secure enough

Mobile devices, like tablets and smartphones, are being used more than ever before in business, and do offer a great way to stay connected and productive while out of the office. The issue with this however is that if you use your tablet or phone to connect to office systems, and don't have security measures in place, you could find networks compromised.

For example, if you have linked your work email to your tablet, but don't have a screen lock enabled and you lose your device anyone who picks it up will have access to your email and potentially sensitive information.

The same goes if you accidentally install a fake app with malware on it. You could find your systems infected. Therefore, you should take steps to ensure that your device is locked with at least a passcode, and you have anti-virus and malware scanners installed and running on a regular basis.

4. Anti-virus scanners that aren't maintained

These days, it is essential that you have anti-virus, malware, and spyware scanners installed on all machines and devices in your company and that you take the time to configure these properly. It could be that scans are scheduled during business hours, or they just aren't updated. If you install these solutions onto your systems, and they start to scan during work time, most employees will just turn the scanner off thus leaving systems wide-open.

The same goes for not properly ensuring that these systems are updated. Updates are important for scanners, because they implement new virus databases that contain newly discovered malware and viruses, and fixes for them.

Therefore, scanners need to be properly installed and maintained if they are going to even stand a chance of keeping systems secure.

5. Lack of firewalls

A firewall is a networking security tool that can be configured to block certain types of network access and data from leaving the network or being accessed from outside of the network. A properly configured firewall is necessary for network security, and while many modems include this, it's often not robust enough for business use.

What you need instead is a firewall that covers the whole network at the point where data enters and exits (usually before the routers). These are business-centric tools that should be installed by an IT partner like us, in order for them to be most effective.

How do I ensure proper business security?

The absolute best way a business can ensure that their systems and networks are secure is to work with an IT partner like us. Our managed services can help ensure that you have proper security measures in place and the systems are set up and managed properly. Tech peace of mind means the focus can be on creating a successful company instead. Contact us today to learn more.
Published with permission from TechAdvisory.org. Source.

Topic Security
October 2nd, 2014

Hardware_Sep29_BTake a look at your computer screen or mobile device. Chances are that at least one of them is slightly dirty, possibly along with your keyboard or laptop as well. It is inevitable that your computers and mobile devices will eventually get dirty with dust and grime, what's important is that you know how to go about cleaning them.

Cleaning desktop monitors

The monitor on your desktop is what many people spend the majority of their days in the office looking at. A clean monitor makes it easier to see your desktop more clearly. The best way to clean your monitor is to turn it off first, then take a microfiber cloth (these can be purchased at many optical stores as well as computer stores) and gently rub in a circular motion.

If there are still spots, then dip the cloth in a tiny bit of water - don't spray the water onto the screen - and try cleaning again. It is important that you don't press hard on the screen, as this could damage your monitor's pixels. Also, it is not a good idea to use paper-based products like paper towel or tissue, as they will not only leave residue, but may actually scratch the monitor slightly.

Cleaning mobile screens

Mobile and other touch screens usually will get your fingerprints all over them, making it harder to see what you are looking at. The best way to clean these screens is with a microfiber cloth. For tougher to remove spots you can dip the cloth into a small amount of water and then gently wipe the screen. Don't splash water onto it before cleaning, as water could get inside the device, which will likely void the warranty while potentially ruin internal components.

Some people suggest rubbing alcohol to remove fingerprints and disinfect the device. While this will be ok for some screens, many manufacturers recommend against it because the alcohol can eat away at the protective film on some devices.

If you notice that there is a lot of dust or gunk on the edges of your screen, or even in cracks, you may need to take the device into a mobile shop for further cleaning. Do not open the device yourself as this could void the warranty.

Cleaning your keyboard

Our fingers are touching keyboards almost all day, and after a while you will notice that your keyboard gets a bit grungy, with debris and dirt even between the keys. Before you do start cleaning, be sure to unplug the keyboard, or turn it off if it is wireless. To clean the upper parts of the keys - where your fingers strike the keys - try dipping cotton swabs into rubbing alcohol and then cleaning the keys with a gentle rub.

To clean between keys you will need compressed air which can be purchased at most office supply and computer stores. Spraying in between keys should be enough to get rid of most of the dust and grit.

Cleaning your mouse

Like the keyboard, the mouse can get quite dirty too, with grime from your fingers and dust in general. The best way to clean a mouse is to first unplug it and then use cotton swabs dipped in rubbing alcohol to gently clean it. You should not need to open your mouse and most models are designed to not be opened by users.

Cleaning your laptop's body

If your laptop's body is dirty the most effective way to clean it is to turn it off, unplug it, and clean it with cotton swabs dipped in rubbing alcohol. Some online articles recommend using a Mr Clean Magic Eraser, or similar cleaning tool. While this does work, it acts in the same way as super fine sandpaper, so you have to be careful that you do not end up actually lightly scratching the body.

Cleaning your computer tower

Some people may want to clean their desktop computer's tower. While this is doable by taking a slightly damp microfiber cloth and wiping down the front and side of your tower, we strongly recommend avoiding the back, and certain areas of the front, as there are ports and components that could be easily damaged.

As always, be sure to disconnect the power source and all wires before cleaning, as any water damage could ruin your computer.

Cleaning the inside of your computer

Dust will eventually get into the inside of your computer and could clog up cooling fans, causing them to stop working properly. This can potentially lead to other components overheating. The internal components of your computer are extremely fragile and need to be handled with great care. Do not take the case off of your computer as this usually voids your warranty.

For all of your computer needs our technicians are here to help.

Published with permission from TechAdvisory.org. Source.

Topic Hardware
October 1st, 2014

BCP_Sep29_BWhen it comes to business continuity, many business owners are aware of the fact that a disaster can happen at any time, and therefore take steps to prepare for this, usually by implementing a continuity plan. However, the reality is that many businesses implement plans that could lead to business failure. One way to avoid this with your continuity strategy is to know about the common ways these plans can fail.

There are many ways a business continuity or backup and recovery plan may fail, but if you know about the most common reasons then you can better plan to overcome these obstacles, which in turn will give you a better chance of surviving a disaster.

1. Not customizing a plan

Some companies take a plan that was developed for another organization and copy it word-for-word. While the general plan will often follow the same structure throughout most organizations, each business is different so what may work for one, won't necessarily work for another. When a disaster happens, you could find that elements of the plan are simply not working, resulting in recovery delays or worse. Therefore, you should take steps to ensure that the plan you adopt works for your organization.

It is also essential to customize a plan to respond to different departments or roles within an organization. While an overarching business continuity plan is great, you are going to need to tailor it for each department. For example, systems recovery order may be different for marketing when compared with finance. If you keep the plan the same for all roles, you could face ineffective recovery or confusion as to what is needed, ultimately leading to a loss of business.

2. Action plans that contain too much information

One common failing of business continuity plans is that they contain too much information in key parts of the plan. This is largely because many companies make the mistake of keeping the whole plan in one long document or binder. While this makes finding the plan easier, it makes actually enacting it far more difficult. During a disaster, you don't want your staff and key members flipping through pages and pages of useless information in order to figure out what they should be doing. This could actually end up exacerbating the problem.

Instead, try keeping action plans - what needs to be done during an emergency - separate from the overall plan. This could mean keeping individual plans in a separate document in the same folder, or a separate binder that is kept beside the total plan. Doing this will speed up action time, making it far easier for people to do their jobs when they need to.

3. Failing to properly define the scope

The scope of the plan, or who it pertains to, is important to define. Does the plan you are developing cover the whole organization, or just specific departments? If you fail to properly define who the plan is for, and what it covers there could be confusion when it comes to actually enacting it.

While you or some managers may have the scope defined in your heads, there is always a chance that you may not be there when disaster strikes, and therefore applying the plan effectively will likely not happen. What you need to do is properly define the scope within the plan, and ensure that all parties are aware of it.

4. Having an unclear or unfinished plan

Continuity plans need to be clear, easy to follow, and most of all cover as much as possible. If your plan is not laid out in a logical and clear manner, or written in simple and easy to understand language, there is an increased chance that it will fail. You should therefore ensure that all those who have access to the plan can follow it after the first read through, and find the information they need quickly and easily.

Beyond this, you should also make sure that all instructions and strategies are complete. For example, if you have an evacuation plan, make sure it states who evacuates to where and what should be done once people reach those points. The goal here is to establish as strong a plan as possible, which will further enhance the chances that your business will recover successfully from a disaster.

5. Failing to test, update, and test again

Even the most comprehensive and articulate plan needs to be tested on a regular basis. Failure to do so could result in once adequate plans not offering the coverage needed today. To avoid this, you should aim to test your plan on a regular basis - at least twice a year.

From these tests you should take note of potential bottlenecks and failures and take steps in order to patch these up. Beyond this, if you implement new systems, or change existing ones, revisit your plan and update it to cover these amendments and retest the plan again.

If you are worried about your continuity planning, or would like help implementing a plan and supporting systems, contact us today.

Published with permission from TechAdvisory.org. Source.

September 25th, 2014

WindowsPhone_Sep25_BApps are an integral part of all smartphones, regardless of the platform you use. Without them, our devices would be more or less useless. The issue with apps however is that because they are necessary, malicious people develop fake apps that they then try to get on to app stores. If say a Windows Phone user downloads this app, it can cause problems. Therefore, it is a good idea to know how to spot fake apps and what to do with them.

To begin with, we should make clear that app store hosts like Microsoft do have strict security measures in place that strive to keep malicious software off of stores and therefore users' devices. That being said, there is always a chance that an industrious hacker can subvert these security controls and get their app onto the online stores. To counter this, here's four tips on how you can spot fake or malicious apps.

  • Look at the name - If you are looking at an app on the Windows Phone Store, always look at the name of the app. Some malicious software that has made its way onto the Store has had a spelling mistake in the name. If in doubt, do a quick search on the Internet for the app and the correct spelling. Should nothing turn up, it may be a good idea to avoid it.
  • Look at the publisher information - All apps for Windows Phones require that the developer/publisher includes information about the app and themselves. If you are looking to download what seems like a popular app, take a look at the listed producer or developer, and then search on the Internet for their site. If the developer of the app appears to be different, or there are differences in the spelling, it is best to avoid installing it.
  • Look at social media stats - On the Windows Phone Store, below the install information, are counters for social media likes and shares. If the app information states it is a popular app and yet there are no social shares, then this may indicate it is actually fake. You should therefore err on the side of caution.
  • Look at comments - Lastly, look at the comments/reviews of the app. The Windows Phone Store uses stars to provide a quick overview of how much people like each app, but if you read comments you can quickly get an idea of exactly what people say about specific apps. If you see words like Fake, Doesn't work, etc. then it is a good idea to skip installing it.
While it can help to be able to identify apps, you should also know how to report apps that you believe are malicious or fake. You can do so by:
  1. Opening the app's page on the Windows Phone Store.
  2. Scrolling down and clicking on Report concern to Microsoft.
  3. Selecting from a list of complaints. Note: Pick the one that is most appropriate to the issue, for example if it is a fake app then select Misleading app.
  4. Pressing Submit.
The plus side of the Windows Store is that Microsoft does usually act quickly to remove identified apps, so the actual chances of you downloading one are fairly low. But, it is always better to be safe than sorry. If you are looking to learn more about Windows Phones and how they can fit into your organization, contact us today.
Published with permission from TechAdvisory.org. Source.