Thursday, November 21, 2013

Minding Your PDQs with BYOD

One of the hottest topics in IT management right now is Bring-Your-Own-Device (BYOD) -- employees using their own personally-owned smartphones and tablets for work purposes. There's no point questioning whether or not to allow it: according to Forrester Research, more than half of employees are already using their own devices for work, and the IT research giant predicts that BYOD will be standard policy within 3 years.

From a business point of view, BYOD is great news. Your employees can be productive anywhere using the tools they like best, and their devices don't come out of your budget. But from IT's perspective, BYOD is a potential security nightmare. If an employee's mobile device is lost or stolen, your company could lose control of sensitive information — bank accounts, donor lists, patient records, investment accounts — and incur significant business, legal, fiscal, and reputational damage. But since your employees are using multiple operating systems on a seemingly infinite variety of devices, each running an ever-changing array of apps, there's no one-size-fits-all way to protect that information.

As a BYOD company ourselves, Xantrion is extremely familiar with the privacy and security concerns BYOD raises, as well as the mitigating measures companies can take. We've evaluated the leading mobile device management solutions and identified which ones best suit specific situations. We also understand the operational best practices, like organization-wide BYOD policies and employee training, that optimize the effectiveness of technical controls.

Letting employees use their own mobile devices doesn't have to mean losing control of your business data. Call us today for help sorting through your many options and developing a custom-tailored BYOD strategy.

Smaller Businesses Have Become Bigger Targets for Digital Criminals

We've never seen anything like it. In 2013 alone, hackers and fraudsters have made more attempts to compromise our clients' data security than they did in the previous ten years combined. The primary targets seem to fall into two categories: businesses that handle large sums of money (investment advisors, accounting firms, payroll companies) and those with revenues between $10 million and $50 million. We suspect thieves choose these small and midsize businesses because they're big enough to be profitable targets, but small enough to lack enterprise-scale security.

Digital risk management needs to be a top priority for your business even if it isn't in one of these higher-risk categories. Banks are shifting part of the liability for fraud from themselves to their customers, and insurance companies are denying coverage to applicants who aren't proactive enough about protecting themselves, so start laying the groundwork today:
  • Supplement the technology you use to block technical attacks, like mobile device encryption, with procedural defenses to protect against sophisticated social attacks.
  • Ask your bank and/or auditor about best practices to protect your electronic financial transactions -- for example, requiring two confirmations for transfers over a certain dollar amount, or using a dedicated banking PC with Internet access restricted to your bank's website.
  • Consider having your business formally audited so you can use the audit to prove your adherence to best practices to insurance carriers, business partners, and regulatory agencies.
  • Work with an attorney to develop a response to fraud and data breaches before you need it.

Contact Xantrion today to find out more about how we can help you fend off security breaches and manage digital risks to your business.

Friday, September 13, 2013

IMPORTANT NOTICE: Win XP end of life April 2014

It's always hard to say goodbye -- but if your company is still using Windows XP, the time has come to part. Microsoft has announced that April 2014 will mark XP's official End of Life (EOL). After that date, Microsoft will no longer provide paid support or security patches.

For security and performance reasons, we strongly advise our clients not to continue using XP past EOL, and not to wait until the last minute to implement a newer operating system.

Of the thousands of computers we support, nearly one in four is currently running Windows XP, so we expect high demand for our help making the migration to Windows 7 or 8. To ensure a smooth transition, we will contact you to begin the planning process. 

Thursday, August 15, 2013

Customer Kudos for Xantrion Consultant

Nothing makes us happier than positive feedback from a client, and Xantrion consultant John Warno gets lots of positive feedback from the clients he serves. But don't take our word for it — here's the most recent email we received from one of his satisfied clients.

Good morning Anne and Tom,

I have been meaning to give some feedback on John for a while. He has always done a great job for us, very client-oriented, technically proficient and very easy to work with. His personal style has made it easy for our staff to work with him, which has helped us address our IT issues when they come up. We were grateful to have him. As someone who runs a firm that sells professional services, I understand how important and rare it is to establish that kind of relationship with a client.

So this week I’m working in our office in LA.  John was here when I came in yesterday.  Listening to him talk to our staff here, from our regional VP to our administrative assistant, I was struck by his genuine desire to be helpful and his professional yet open, warm manner.  You guys should be proud of him because he represents Xantrion so well.  We feel very fortunate to have him working with us.

I hope you are both well and thriving.  Things are going well for us as we move through an exceptionally busy year.  Xantrion and John are part of what has made us successful.

Many thanks,

Paul

Paul Harder | President
Harder+Company Community Research


Monday, July 15, 2013

Secure, Speedy and Standardized Around the World: A Global Client Adopts DaaS

When your organization is dedicated to providing clean water and hygiene, health care, and education to disadvantaged communities around the globe, you don't let little things like time zones and language barriers stand in your way. On the other hand, not being able to exchange email and files dependably with your employees around the world is a big problem. When Oakland-based international development organization East Meets West realized most of its employees were using personal email accounts to work around its unreliable hosted Outlook and Citrix solutions, it turned to Xantrion for an alternative.

In evaluating the organization's existing infrastructure, Xantrion engineer Jeremy Davis discovered the cause of the slow logins, frequent crashes, and long lag times bogging it down. The hosted applications were several updates behind — and, more critically, were running on an overutilized shared server architecture.

Davis set up Xantrion’s Desktop-as-a-Service (DaaS) solution to rectify the situation. He set up a new infrastructure for the nonprofit in Xantrion's Denver colocation facility, then replaced all the aging desktops in its Oakland headquarters with thin clients, or “dumb” terminals, running Citrix. To ensure overseas users in countries like Myanmar and Cambodia have the same experience as their US counterparts, he remotely installed and configured DaaS for those who speak English and walked local IT pros through the installation process in other languages.

The nonprofit began using its Xantrion Desktop-as-a-Service (DaaS) solution on June 1, and corporate controller Burt Thompson reports that the service and support are both exceeding expectations.

"Our CFO was recently traveling through China, and the connection was wonderful wherever he went, even in remote locations with minimal bandwidth," Thompson says. "We're able to give network access to employees who previously couldn't even do simple things like log on to check email. Now that we have a more reliable system, we can spend less time trying to work around inefficiencies and more time doing positive things with IT."

Friday, May 17, 2013

Hacks & Attacks: Smaller Isn't Safer


Your business may be small, but you still need to think about protecting your important data and assets. According to Symantec's latest Internet Security Threat Report, 31% of all deliberately targeted hacker attacks are now aimed at SMBs, a 13% increase in just one year.  Why? Simple: SMBs typically have less network security than larger companies, and that makes them low-hanging fruit. Tech startups, accounting firms, legal practices, and other thriving SMBs can be temptingly juicy, both for their own resources and as a convenient springboard for a larger attack.  In fact, we have seen a couple of small businesses be targets of payroll and banking attacks locally over the past 3 months.

Typically, hackers leapfrog over standard network security with social engineering. They gather data from social networking sites about a specific victim within a company. Using that data, they craft email that looks like it originates from a known and trusted source ("spear phishing") or they spoof or infect a website the victim visits frequently ("waterholing"). When the victim opens the email or visits the site, it launches sophisticated malware that gives the hackers more access to the network so they can steal its data or use it to attack other targets.

In an era of socially engineered attacks, the best defense is to assume you're a target. You don't have to give up social networking sites. You do, however, need to start thinking about your employees themselves as your first line of defense. Start by raising company-wide awareness about spear phishing, waterholing, and other targeted attacks. After that:

- Develop comprehensive security policies and procedures.
- Review those policies and procedures with employees.
- Enforce them without exception. No one, even your top officers, should be exempt.
- Re-evaluate them regularly to ensure they're up to date.

Xantrion stays on top of security trends and follows industry best practices for blocking known attacks and mitigating the damage from any that get through. Let us help you evaluate your risks and develop policies and practices to manage them — call us to get started right away! 

Thursday, April 11, 2013

The Invisible Hole in Your Data Security

Data security is about a lot more than just passwords and firewalls. You may be overlooking serious risks to your business simply because you don't realize they're risky.

One current IT trend is a perfect example: allowing your employees to use their own smartphones and tablets on your corporate network. Letting employees access business information on personal devices wouldn't be so popular if it didn't have obvious benefits. On the other hand, it also has some potential drawbacks you may not have considered.

Imagine one of your employees losing a smartphone to a street thief. It shouldn't take a huge stretch of imagination -- smartphone-related street crime is growing nationwide and now accounts for more than half of all robberies in San Francisco. (In fact, one of our own team members was recently waiting at a bus stop when someone ran up and snatched an iPhone from the hands of the person standing next to her.)

Now, imagine your employee emailed himself an unencrypted document containing sensitive data like banking information, health records, or Social Security numbers. He intended to retrieve and work on it later on a secured laptop, but all his email gets pushed to his now-stolen smartphone, too. That document is now out of your company's control.

Granted, most thieves simply wipe stolen devices and resell them, but money and business secrets aren't the only things you could lose. With privacy laws requiring you to disclose the loss of confidential information, you now face potential fines for noncompliance -- not to mention the hit to your company's reputation.

Theft shouldn't be your only worry, either. What if you're accused at a trade show of trying to steal a competitor's business secrets by taking photos with the personal phone you also use for business? If your accusers seize your phone to copy its contents, they now have access to all your personal and corporate data. If you refuse to turn over your phone, your competitor may sue and subpoena its contents, which puts your company at risk of both a data breach and a hefty legal bill.

Security breaches often happen for one of these reasons:
1. You didn't follow your own data security policies.
2. Your data security policies aren't reasonable or realistic.
3. You don't have data security policies to begin with.

Let Xantrion help. We'll work with you to find the holes in your data security, patch them, and create security policies that make sense for the needs of your business. Contact us today to schedule an assessment.




Monday, February 25, 2013

Windows 8: Yes or No?

Windows 8 is visually different from earlier versions of the Windows OS we've all grown used to. After spending several weeks testing it to decide whether or not to recommend it to our clients, our engineers have reached a consensus: Don't upgrade unless you need to.

To be fair, many of the changes "under the hood" boost speed and performance, especially on laptops and aging desktops. On the other hand, the new Metro user interface is confusing and counterintuitive to anyone who isn't already familiar with it from using a Windows tablet. We're expecting lots of support requests from users who get lost trying to perform basic tasks like exit, shutdown, and restart.

If you do need to upgrade, we can disable Metro and configure Windows 8 so it works more like Windows 7. However, we can only think of a handful of reasons to upgrade:
  • You're currently running Windows XP and want to be able to use Office 2013.
  • You plan to deploy Windows tablets, and you want to use the same OS on your laptops and desktops.
  • You plan to add a large number of computers with Windows 8 preinstalled, and you want to upgrade your existing computers for consistency. 

If you're still not sure whether Windows 8 is right for your business, give us a call. We'll help you sort it out.