Online Storage - Taking Your First Steps Into The Cloud

In 5 years, Dropbox, the online file storage company has grown to a user base of 50 million users worldwide. That’s great news for their founders Drew Houston and Arash Ferdowsi, but why is the technology so popular, and how can it help small businesses? Also, let's not forget that the online world carries some risk. Is it safe to use online storage, and what security precautions should be taken to protect your data in the cloud?

Why Is Online Storage So Popular?

Online file storage is cheap (free in some cases), simple to use, and incredibly convenient if you need to access files both in the office and at home. It allows you to access your files from your work PC, your home PC, as well as from any tablet device or Smartphone. It also overcomes the attachment size limitations of email by allowing you to upload the file to your online storage and create a link to the file that you can then email to the intended recipient. They then simply click on the link and download the file via a  web browser. 

Synchronising Data To The Cloud From Your PC

Most online storage services allow you to create a synchronisation folder on your Windows PC's into which you can "drag an drop" files that you want to upload to your cloud storage. This saves you having to log in to your cloud storage every time you want to upload a file, and also keeps your online files and folders in sync.

Integration With Tablets And Smartphones

My initial reason for using online storage was to allow me to access client documentation on my iPad. Apps are available for Smartphones and tablets (Android and Apple iOS) that allow you to access files that have been uploaded to your cloud storage. You will also find that some third party Office Apps available for Android and iOS plug straight in to online storage such as Google Drive which allow you to edit documents stored online. This is in fact my favourite feature of cloud storage, and I use it regularly to write blog posts at home while watching television (How much attention can you really give to Masterchef?). 

There is also an additional feature in Trend Micro SafeSync For Business which is worth mentioning, in its ability to allow you to view Microsoft Office and Adobe Acrobat documents on Android and iOS devices without running a Microsoft Office editor / Adobe Reader. I use this capability most on my Smartphone to access price lists as well as product documentation that I store online for reference while I am out of the office. It saves having to wait until I get back to the office to check out specific questions that people ask from time to time.

Data Backup

One of the obvious applications for online data storage is for online backup. Over the years, tape backup has proven to be unreliable, and no amount of onsite backup provisions can protect you against fire / flood. We strongly recommend that all companies should implement online backup for their data, since it provides the only reliable way of making sure that you can recover your data when you most need to.

Data Security 

As with all things cloud, data security is a consideration. Companies such as Trend Micro and Google have a pretty good handle on data security, but the weak point if there is one will always be a reliance on passwords. For general use, I would suggest that you simply use strong passwords including letters, numbers and at least one special character. It sounds complicated, but once you have worked out a system it's fairly simple to work with. Alternatively, if you need to make sure that it is only your employees who are able to access your data online, then I would recommend using Google Apps since Google allows you to authenticate access to the system using "one-time-passwords" (i.e. they change every time you log in) generated on your employees' Smartphones. This capability is provided by Safenet's Cloud Authentication Service, so you don't have to install security software on your network to keep your cloud storage secure

The US Patriot Act

If you are going to be using a provider of online storage who uses a US datacentre, you also need to take the US Patriot Act into consideration. Under the US Patriot Act, the CIA can demand to see your data if it is kept in a US datacentre. If you have concerns about this, then use a service that uses European Data Centres.  

Clearview Data Systems provide IT Service / Support and cloud computing services to Hertfordshire and the surrounding area. If you need advice on storing your data in the cloud, please call us on 01707 255060 or send an email to info@clearview.co.uk.

Helping Your Staff Work More Productively With Mobile Computing

Mobile computing technology allows company employees to work as productively from home or hotels as they can from the office, but the face of computing technology is changing. Employees no longer want to be tied to using company laptops when they have a PC at home. What’s more, Smartphones and tablets have now become as ubiquitous as the traditional mobile phone ever was, providing low cost computing for employees to access company information.

As a consequence, cost conscious business owners can now avoid the need to fund and manage mobile communications for their staff by establishing a “bring your own device” (BYOD) policy, and allowing employees to select their own mobile devices for work.

Maintaining Security For Mobile Working

Companies have been using simple VPN technology built into firewalls to provide mobile computing for laptop users for a number of years, but as the range of devices that companies want to be able to support for remote working expands, different approaches need to be adopted to reflect the degree of trust that you place in the device connecting in to ensure that your IT systems are not exposed to an internet hack or security breach. You may have full control over software that is installed on company laptops, but this is not going to be the case if you allow employees to use their own PC’s or tablets.

• Laptops – Company laptops generally need full access to your company network. Nonetheless, if an “infected” laptop logs into the network, malware can be spread through your network causing your systems to crash. Laptops should therefore be screened before connection to your network to ensure that they have no unauthorised applications / malware installed. Screening for critical Windows patches and up-to-date antivirus can either be performed in the office using Network Access Control (NAC) software which is built in to the endpoint security software of the major security companies, or using VPN Gateways for remote users which will only permit access to your company network once the device connecting has been certified as “clean”.

• Home PC’s – Even though you have no control over software installed on your employees’ home PC’s, it is still possible to allow them to access your internal systems securely providing you restrict the applications that they have access to on your network using a VPN Gateway which can selectively permit access to your network while maintaining a degree of separation to prevent malware infection. In this way, it is possible to provide secure access to email and file shares from any device. You can also provide secure access to other business applications via Windows Terminal Server / Citrix providing your employees had administrator access to the PC being used to connect in. The VPN Gateway can even provision the appropriate “thin client” to the home user’s PC without them having to install the software locally.

• Smartphones / Tablets - Apps designed to run on smartphone operating systems undergo stringent review before being published on Google Play or the Apple AppStore. Device interrogation is therefore less critical for a tablet or Smartphone than for a laptop and in practice it is difficult to control apps installed on tablets or Smartphones. It is quite straightforward to provide access to corporate email and files on file shares from mobile devices, and access to line of business applications can be provided via a web browser. Mobile Device Management software should however be considered to ensure that password / PIN security is enforced to prevent unauthorised access to the device (and thereby to your network), as well as to ensure that company data is erased in the event that the device is lost, or that an employee leaves your company.

The Impact Of Cloud Computing

In many ways, mobile working and cloud services go hand in hand. You can now access your company business applications from any internet connected device using either Software-As-A-Service (SAAS) applications or Hosted Desktop technology which allows you to access your existing business applications via a web browser. Mobile Computing support isn’t however the primary driver for adoption of cloud computing. The ability to run any business software application for your company without having to invest in hardware and skilled technicians to maintain it is cloud computing’s primary attraction, but mobile computing has been the trigger for a number of companies to take their first steps into the cloud.

Keeping Hackers Away

Once you allow your staff to work remotely or indeed move to cloud computing, you are reliant on passwords to prevent unauthorised users from accessing your company data. Unfortunately, static passwords can be compromised since they either get written down on sticky notes, or may be too simple and can be guessed. The way to protect against password theft is to employ two factor authentication using an App that is installed on the employees Smartphone, which allows you to generate a unique 6 digit password every time your staff log in. The downside of using two factor authentication is that your users need to generate the one-time-password as an extra process when logging in, but if your data is confidential or has commercial value, you may decide that this is a price worth paying.

Summary 

Technology is now available to provision secure remote access from any device that can connect to the Internet, although a little planning (and knowledge) is required to ensure that opening the doors to remote working doesn’t mean that you expose your company data to significant risk. If you would like to know more about IT support services and network security products available from Clearview Data Systems, please download our "Secure Remote Access" white paper, call us on 01707 255060, or email info@clearview.co.uk.

Six Sure Signs You Need To Change The Way You Manage Your IT

When the engineer that came to fix your PC at 9 am is still in your office at 4.45 pm.

If your PC is infected by malware, the only way that you can be absolutely sure that you have a clean PC is to reload it from scratch. Without a recovery plan, it can take an entire day to reload Windows 7, apply all of the patches required, and then reload your business software. If you want to avoid escalating IT support costs, you need a recovery plan that allows you to rebuild your PC’s in minutes, not hours.

When your server crashes and your tape backup won’t restore.

Although there is dispute about how frequently tape backups fail to restore (some sources quote 70% failure rate), it is clear that manual methods of data backup cannot be relied on for data backup. In any event, your critical data should be automatically backed up to offsite storage to protect you not only against server failure, but also against fire or flood.

When your staff tell you that you need a faster internet connection and have no way of knowing if they are right.

Companies everywhere are turning to video and podcasts on their web sites to engage with their customers which is great for customer engagement, but can take up internet bandwidth that you need to use for VPN connections or client extranets. If your firewall is more than 2-3 years old, consider upgrading to a "next generation firewall" that not only protects you from hackers, but also provides you with clear information on how your internet connection is being used at any time.

When your internet link fails and your staff stop working because they can’t access your hosted email / CRM systems.

Cloud computing services allow you to reduce operating costs and access your business applications from any internet connected device … but only as long as your internet connections is working! Before moving your business applications to the cloud, make sure that you have considered making provision for access to key business applications using 3G / 4G cellular, satellite, or a second internet connection in the event of failure of your primary internet link.

When an employee’s PC “breaks” after they installed some software from the internet.

Free software is great until one of your employees installs the wrong kind of free software on one of your PC’s. Unless you want to keep on paying IT engineer callout charges, you need to take control of who can and can’t install software onto your company PC’s. You need to ensure that any software installed isn’t a Trojan in disguise or badly written freeware, both of which can make your PC’s run unreliably and eventually crash. If it isn't possible to lock down your PC's then you need to strengthen your web security to make sure as best you can that your users don't accidentally download malware from the internet.

When the engineer who took a £250 cheque from you yesterday is back at 12.00 today.

When new bugs are discovered in software that you have installed on your PC’s, the “bad guys” hurry to work out how to exploit them so that they can get their code onto your PC’s to steal your personal information and logins. You must make sure that updates required to protect your PC’s are installed, otherwise you are a sitting duck for malware that can be accidentally downloaded from comprised or malicious websites.

You may not be in the IT Business, but most businesses today rely on IT. Our IT Support Services keep your systems running as reliably as possible without the need for you to employ your own skilled IT staff. If you would like to know more, please download our white paper, visit our web site, or contact us by phone on 01707 255060, or via email at info@clearview.co.uk.

Using Cloud Computing To Drive Sales in SMB's

Guest article in our blog from Anthony Romuald at Leadsberry:

Using Cloud Computing to drive sales in SMB's

• Are you convinced about the potential benefits of cloud computing for your business? 
• How do you figure about using cloud computing to drive sales?

Before we address these questions on cloud computing let’s start with the basics of Cloud Computing. Cloud computing is the use of computing resources over the internet. It offers many benefits to small and medium-sized enterprises (SMBs) by reducing IT costs, managing information, and improving time management.

In a poll by CDW’s Cloud Computing Tracking Poll, almost 84% of businesses are using at least one cloud based application and over 76% of SMBs users have experienced big savings on cost. Though at its infancy, cloud computing has impacted business in many ways than one. Cloud computing has lifted the burden and reduced the cost of purchasing hosted solution. Apart from that, it also created significant leeway for sales initiatives. 

For sales managers in SMBs, cloud computing showcases a paradigm shift in marketing by:

1.  Efficiently track leads in the sale funnel
2.  Managing and tracking prospect data
3.  Lower marketing costs

Savvy marketers are now leveraging cloud computing to achieve significant growth and competitive advantage on sales front. 

Let’s now examine each point to understand how it improves selling and reduces cost of sales.
Track Leads on the Go

Sales team will benefit from cloud computing as it help to record, track and manage leads through efficient lead nurturing system. Data of customer or prospects hosted in the cloud will help sales team to access information readily.

Having accurate information of leads and activity on the cloud ensure that sales people can take appropriate action instantly. Further, it eliminates the delay in accessing information around each prospect.

For instance, cloud computing platform like Leadsberry support sales team by enabling lead nurturing campaigns. The tool includes options to set up lead nurturing campaigns, track leads and send collateral to leads based on pre-defined activity. Best part of these lead nurturing marketing programs is that it works automatically and results in conversion of over 35%.

Improve Marketing Efficiency

Cloud computing is used to overcome the limitation of working on application hosted in computers. This gives more mobility to sales team and marketers as it enables them to operate anywhere, and access sale information anytime. This online information access also helps to follow ad production, plan triggered campaigns, and plan out marketing.

Moreover, cloud platforms facilitate marketers to exchange training and customer education material through video tutorials, whitepapers, marketing tips, and marketing collateral.

Expedite Collaboration and Speed of Marketing Innovation 

Cloud computing broke the barriers of working in silos and compartments. With cloud solution like Leadsberry, marketers can collaborate with multiple team, working from different geographies and create innovate campaigns with ease.

By adopting cloud solutions, people can use multiple media, social media channels and integrate all these media to easily create unique marketing campaigns. Another key benefit of cloud solution is that multiple users can log in the same time to complete a task. For marketers, it reduces errors in the file and improves the quality of work.

Finally...

Cloud computing is here to stay. More salespeople are realizing its potential of using cloud services to monitor sales and improve conversion. It’s time you too wake up to the reality of cloud computing for improving the efficacy of sales team and build a conduit between business and customer.

If you would like free helpful advice on IT support or how you could use Cloud Computing to drive efficiency in your small business, please email us at info@clearview.co.uk.

How To Manage Company Smartphones And Tablets

For 3 days after the release of the iPad Mini tablet, Apple were shipping a million units per day. Every Smartphone and tablet has Gigabytes of storage capacity, can connect to Twitter, webmail and online storage facilities such as Dropbox, and can provide access to your company’s email systems. What’s more, they will probably  end up being connected to your network sooner or later. It's a problem that business owners would rather avoid.

Is There A Mobile Device Security Problem?

There are some genuine security issues. An employee's lost smartphone can potentially result in data leakage of client data or company intellectual property, yet the cost savings that can be realised by letting your employees use their own smartphones and tablets to access their company email and work from home are compelling. You therefore need to take a view on the risk of a security breach caused by mobile devices and formulate their own policy for how they can be used in your business.

How Serious is the risk?

The risk associated with mobile devices will very much depend on the nature of your company's business. If you are an Independent Financial Adviser for example, then you should be encrypting client confidential information on laptops anyway to comply with FSA regulation, and the same level of protection should be afforded to tablet devices. In this respect, the iPad has the lead over Android tablets insofar as encryption is built into Apple iOS by design. Equally if you don’t operate in a regulated industry, but you may carry client confidential or company confidential information on your tablet device, I would argue that the iPad is a better choice for the same reason. You may not attract the wrath of a regulatory body if you leave an iPad with your latest product design or your clients’ latest management accounts on the train, but it could still severely damage your company’s profits or reputation.

Sensible Mobile Security 

Mobile Device Security products are available from the major security vendors as well as a number of smaller vendors that allow you to apply sensible precautions for mobile devices. You can for example:

• Enforce a password / PIN policy for smartphones that connect to your network.
• Report on Apps that are installed on your Smartphones and Tablets.
• Block devices that don’t provide encryption.
• Selectively wipe files and company emails in the event that the device is lost or stolen, or if the employee leaves the company.
• Set up a portal from which recommended Apps can be downloaded.

The cost of this software is relatively inexpensive, and it can be managed by a Managed Service Provider as part of a Managed IT Service if you don’t have the skills to manage the system within your company.

If you would like more information on our support services portfolio for small businesses, please visit our web site, download our Managed Services White Paper, or email us at info@clearview.co.uk.

6 Valuable Tips to keep your IT Running Smoothly

IT is increasingly becoming a consumable service, and we aim to provide the most efficient service available. The way in which we do this is to use Best IT Practices to keep our clients' systems running as reliably as possible and to ensure that we are able to recover your systems as swiftly as possible when they fail. 

Like a lot of good practices, the procedures themselves aren't complex. If there is any magic to managing IT efficiently, it is in ensuring that the procedures are followed rigorously.

Even if you don’t yet feel that the time is right for you to outsource the running of your IT, the methods that we use will help you to make sure that you are on the right track if you manage your own IT. The practices listed below are no great secret. The question for you to answer is whether you want to employ your own staff to manage your systems, or outsource the process to a company like us:

Managing Workstations - Create a standard build for workstations on the network and store it on a network storage device. You can then use this image to rebuild workstations when necessary. This reduces rebuild time from 6 hours (by the time all of the Windows patches are installed) to less than 60 minutes.

Data Backup - PC's and servers will fail from time to time, and when they do you need to make sure that you can recover your data as quickly as possible. Server data should be backed up to online storage to ensure that you are able to recover in the event of flood / fire / theft as well as to an onsite server to ensure swift recovery in the event of a server failure. Workstation data will then be backed up to online or onsite storage as appropriate. 

Routine Maintenance - You should ensure that routine tasks such as disk defragmentation and clearing out temporary files is carried out on a regular basis to ensure that you get the best performance from your IT Systems.

PC Security - Check your PC's regularly to make sure that the latest Windows patches have installed properly and that your endpoint security / antivirus software is up to date. It is vital to keep Windows patches and virus definitions up to date to protect you against Internet threats. When a PC fails to install updates automatically, it is likely that some malware has infected your PC. In all probability, it will already be running more slowly than usual as a result of the malware infection, and the system should be reloaded as soon as it is practical to do so.

Keep A Spare PC - When a PC fails, the highest cost will be in loss of staff productivity while you are waiting for the system to be rebuilt. A spare PC preloaded with your company's standard build eliminates lost staff productivity. You simply restore data to the hard disk from the latest backup and your employee an be back up and running while the faulty PC is being repaired / rebuilt.

User Rights Management - Minimise the number of people who can install software onto your PC's. PC problems generally only arise when changes are made . By managing the change process you will be in a much better position to minimise and identify the source of system problems.

Many small businesses simply don’t have the time or resources to ensure that these essential housekeeping tasks are carried out on a regular basis, and that can be where the trouble starts. If you don’t have the latest Windows patches installed, your PC’s and laptops will be vulnerable to internet threats which can steal your employees’ identity and cause your systems to crash. If you don’t test that your backups restore properly, how can you be sure that they aren’t corrupt and that they will restore when you most need them?

That’s where we can step in as your outsourced IT Department, making sure that your systems run as smoothly as possible, and providing you with a single point of contact to resolve all of your IT issues.

If you would like to know more about our IT Support services, please visit our web site, or download our Managed IT Services White Paper. Alternatively please send an email to info@clearview.co.uk . We would be happy to answer any questions that you may have.

Data Protection Law For Business Owners

Data Protection is a serious issue. In the UK, the Information Commissioner can fine organisations up to £500,000 for repeated breaches of data security caused through broken business practices. Yet data security guidelines are far from prescriptive about what should be done to provide adequate protection for your organisation's confidential data, so what should small business owners do to ensure that they stay on the right side of data protection legislation and protect their own interests?

The UK Data Protection Act

If you hold personal information about individuals, you have a number of legal obligations to protect that data under the Data Protection Act of 1998. For full information on the 1998 Data Protection act, you should visit the web site of the Information commissioner http://www.ico.gov.uk, but the eight principles for data protection can be summarised as follows:

• You must have legitimate grounds for collecting the data.
• You must only process the data in a way that is in the person’s best interests.
• Tell people what you will do with their data when you collect it.
• Only process the data in a way that the person would expect.
• Don’t process the data illegally.
• Only collect the information that is necessary.
• Make sure that the information is accurate and kept up to date.
• Don’t keep the information for any longer than you need to.
• Take appropriate technical and commercial measures to protect the information.
• Do not transfer personal information outside the EEC unless it is to a country that ensures that sufficient protection is undertaken to ensure the rights and freedoms of the person concerned

It’s Not Just About Credit Card Numbers

Whilst protection of personal data is of paramount importance, it is not the only consideration. Your should always consider the “Three R’s” when considering data security, backup and Business Continuity Planning.

• Riches - What is the data that will make you rich? The most valuable information for many small businesses is their intellectual property. How should you protect your company’s “crown jewels” against a data breach or “catastrophic” IT failure.
• Ruin - What is the information that could cost you your business? If you are a law firm and expose data relevant to an ongoing court case by dropping a USB device on public transport, the loss of reputation could cost your firm dearly. The same principle applies to numerous other professions and professional services organisation where the cost of implementing appropriate data security measures is a tiny fraction of the cost of a breach to your business.
• Regulation - What information are you obliged to protect by industry regulation (such as credit card information), and what measures are stipulated for its protection.

For many large organisations, the biggest problem that they have is finding out where all of their valuable data is. For small companies however, there is a greater imperative to ensure that staff are made aware of their duties with respect to confidential information including what they can and can’t do. Technical measures should also be taken to protect confidential information by restricting access to your network, and ensuring that appropriate measures are put in place for data backup and encryption where necessary.

Data Security Best Practices
There is no “magic bullet” when it comes to protecting your company’s data since no two companies are exactly alike. From an IT perspective however, the most important considerations are to:

• Recognise which information is important to you, and find out where it is.
• Ensure that your important data is backed up properly, and these days that probably means using some form of off-site backup
• Protect confidential data on laptops using whole disk encryption software, and on USD / CD etc using file encryption. If a USB drive / laptop is lost or stolen, it is difficult to prove that no personal data has been exposed unless it has been encrypted, so why run the risk? Data Leakage Prevention (DLP) software can also be used to monitor and optionally prevent confidential information being sent outside the organisation using unmanaged communication channels such as Webmail or Dropbox.

The ultimate responsibility still lies with you to educate your employees to handle your company data responsibly so that you can eliminate the unintentional human errors that are the cause of the majority of data security incidents.

If you would like to know more about data backup, data encryption and IT security products and services available from Clearview Data Systems, or about our IT support services, please visit our web site, call us on 01707 255060, or email us at info@clearview.co.uk.

Moving Your Business To The Cloud

Cloud computing is a hot topic for large and small organisations at the moment, but as with any new technology, it can be difficult to see past the hype and potentially confusing marketing messages. The promise of cloud computing is to deliver access to the IT applications that you need to run your business from any PC, tablet device or Smartphone. If that isn’t justification enough, you won’t need to install any expensive servers, pay for disk space and processing that you don't currently need, or employ skilled technicians to manage those systems.

Planning Your Migration To The Cloud

Migrating to cloud computing will be a journey rather than a transformation, and it is likely that most companies will run a hybrid of cloud computing and on-premises systems for a number of years. There are also applications which aren’t a good fit for a cloud computing environment, so don’t try putting square pegs into round holes … just leave them as they are. Some applicatons are a better fit for cloud computing and far easier to migrate, so why not start with applications such as email security and data backup first? In many ways they are better suited to cloud deployment anyway. Once these simpler migrations have been completed, a more considered approach needs to be taken in migrating mainline business applications.

Moving Business Applications To The Cloud

In moving business applications to the cloud you need to decide whether you want to simply take your existing business applications and make them accessible via a web browser (Hosted Desktop), or whether you want to adopt Software-As-A-Service (SAAS) applications such as Google Apps For Business (Email / collaboration), Workbooks.com (Customer Relationship Management), or Xero (Accounts). If you choose the SAAS option, you need to be prepared for a change in business practices and the associated training requirement to ensure that the transition to cloud services does not adversely effect your business.

Whichever approach you choose, we would recommend that you either take some time to research the options available to you or take advice, and always run a pilot to make sure that you are able to prepare your staff for the change in the way that they will be working in future.

There are no prizes for moving your IT to the cloud in record time, but the cost benefits and ability to access your line of business applications from any internet connected device make it worth investigating how Cloud Computing will work best for you sooner rather than later.

If you would like to learn more aboutout our IT Support or cloud computing services, download our Cloud Computing White Paper or contact us on 01707 255060 or via email at info@clearview.co.uk .

Clearview Data Systems at Herts B2B Exhibition

Here's a photo from the Hertfordshire B2B exhibition that took place at Knebworth Barns last month.

We will be back at Knebworth barns on 21st November for the Hertsexpo. We look forward to seeing you there.

How should your growing business manage IT?

Small businesses now rely heavily on IT, and the proliferation of Apple and Android tablet devices only serves to increase reliance on technology that many business owners don't fully understand ... But it sure needs to work!

As companies grow it becomes impractical to rely on ad hoc support contracts to keep their systems working reliably. IT Systems need regular maintenance to perform at their best and remain protected against internet malware, so business owners need to take a decision to either employ a full time IT Manager or outsource to a Managed Service Provider.

Why IT Management is difficult for small businesses.
Larger companies can cost justify employing a full time IT team including teams of first line support engineers, experienced systems professionals and an IT manager. The system is proven and works well because junior members of staff have clear opportunities for career progression, senior technicians can roll their sleeves up and get to grips with new technology, and the IT Manager can occupy himself with developing IT strategy to meet the businesses' needs and managing his team. Unfortunately, it’s a different story for SMB’s. Skilled IT staff are thin on the ground and command good salary packages, so you need to make sure that you are going to be able to keep them busy.

IT Managers Need A Challenge
SMB’s are not always attractive employers for good IT professionals as they have fairly simple IT needs. Since most IT Managers are techies at heart, they like to be able to get to grips with the latest technology. Given that most of the tasks required to keep your systems running smoothly are routine in nature (e.g. updating antivirus software and ensuring that required Windows Updates are installed) , a small company is unlikely to be able to offer an IT professional the opportunity to build the infrastructure of their dreams. There is therefore a relatively high rate of turnover amongst IT staff in SMB organisations with IT staff leaving to seek new challenges in larger companies where they can gain experience in the latest technology. 

Losing an IT Manager causes its own problems. Suddenly, the one person who knows the ins and outs of your systems is gone, so it can be a turbulent time while you go through the process of finding a replacement which in itself diverts you from the process of running your business.

Should You Use A Managed IT Service Provider?
The alternative to employing your own staff to run your IT systems is to employ a Managed IT Service Provider (MSP). For a fixed monthly fee, a managed service provider will perform all of the functions that you would expect from an IT Manager, but at a lower cost. What’s more, you don’t need to worry about keeping them occupied, or whether they may leave your company.

Equally important is that an MSP is equipped to carry out the routine system management tasks required to keep your systems running smoothly and to do so as efficiently as possible using automation software. Unlike a break/ fix contract, an MSP gets paid no more money for sending an engineer to site to re-build a PC that has crashed, so they will do everything possible to make sure that they don’t.

Because of this, many larger companies with their own IT Manager (50 - 100 staff) use a Managed Service provider to support an in-house IT Manager. This way, your IT Manager can concentrate on the bigger picture of how you can use IT to make your business more efficient, and leave the routine maintenance tasks to the MSP who can carry out the work more cost effectively than employing additional staff.

What About Cloud Computing?
he move to cloud computing will undoubtedly be an accelerator to the adoption of managed IT services by medium and larger sized organisations. Organisations who run their business applications as cloud services will have no need to employ a full time IT Manager, but PC’s, printers and firewalls still need to be maintained, and an MSP is perfectly positioned to provide these functions efficiently and cost-effectively.

Want To Know More?
If you would like to know more about our IT support or managed IT services, please download our white paper or contact us at info@clearview.co.uk .

Managed IT Services - A 60 second introduction

Small businesses without in-house technical expertise can often find managing their IT a challenge. To start off with, the task of IT management may fall to the person who knows most about computers, but as a company grows it becomes necessary to call in a specialist when problems arise. As the company grows past 5 – 10 employees however, a more structured approach to IT Management is called for to ensure that your data is properly managed. At much the same time it will probably become apparent that there has to be a better way of managing IT than waiting until something breaks before you fix it. It can take up to a day to re-load a PC from scratch due to the number of updates that need to be applied, and onsite engineering charges can easily start to mount up to a point whereby a single call-out can cost in excess of £500.

If you can't justify employing your own IT Manager, your best choice could well be to engage a managed IT Service provider, but although the approach has been around for some time now, and can deliver significant benefits for small businesses, many business owners don’t fully appreciate what is involved in handing over management of their systems to a Managed Services Provider (MSP), or what they get for their money and so they have shied away from it so far.

What does a managed service provider do?

A managed service provider can either run every aspect of IT Support for you, or can offload day-to-day administration tasks from your current IT manager, allowing them to concentrate on developing your IT to meet your business needs rather than performing routine maintenance tasks. It really depends on what suits you best. In general terms however, a Managed Service Provider provides you with all the benefits of a specialist IT department without having to pay out the associated full-time salaries, or worry about the HR hassles of managing your own IT team.

How can your IT be managed by a Managed Services Supplier (MSP)?

Remote Management software is installed on your PC's and servers and allows an MSP to monitor your IT systems and report back on potential problems such as low disk space, failed Windows updates, or out-of date security software so that preventative maintenance can be undertaken before a system fails. Many of these routine maintenance tasks can either be automated or undertaken remotely, minimising the cost of delivering support by cutting down on the need to send an engineer to your offices.

What happens when IT systems fail?

A managed services supplier should make provision to be able to recover your systems as swiftly as possible in the event of failure. To minimise system rebuild time, a spare PC should be kept in your offices together with a snapshot of your standard PC build. Onsite / offsite data backups are then take to ensure that systems can always be recovered in the event of a system failure, fire or flood.

What about system security?

Robust security is an essential component of best IT practices that MSP's use to make the job of managing your IT easier. By implementing best IT practices such as restricting who can add new programs to your PC's, and making sure that antivirus and Windows updates are installed, your MSP incurs less cost in managing your system which allows them to keep their service costs down.

Managed IT Services allow you to benefit from the same level of professional IT management as a FTSE 100 company without having to maintain your own full time IT team, or worry about your IT manager going off sick or taking a holiday. You can concentrate on growing your business knowing that your IT is being maintained as efficiently as possible. Please download our Managed Services White Paper or visit our web site if you would like to know more. Alternatively, please contact us on 01707 255060 or by email at info@clearview.co.uk. We will be happy to answer any questions that you may have.

Securing Access To Personal Information

On the BBC's Panorama programme the DWP recently admitted that in the last 12 months, 158 people have been disciplined for unlawful access to personal medical information. Of all information that needs to be kept securely, surely personal medical information must come at the very top of the priority list!

From a personal point of view, it's all very well that they managed to identify and discipline the DWP staff who accessed the information illegally, but I would rather that the appropriate technology had been in place to prevent access in the first place. Yet if government departments fail to protect our data sufficiently, what should companies do to protect access to our personal details? A number of technologies are available to protect unauthorised users from accessing sensitive information in corporate databases:

• Intrusion Prevention – Intrusion prevention technology can prevent you against SQL Injection and Cross Site Scripting attacks. McAfee Database Activity Monitoring and McAfee Intrusion Prevention work at the application layer to identify these attacks and block them.

• Protection against Zero Day Attacks - No database administrator wants to implement emergency patches to their SQL server / Oracle application servers outside their normal patching cycles if they can avoid doing so. McAfee Database Activity Monitoring and Trend Micro DeepSecurity protect you against zero day threats until such time as you are able to apply the manufacturer's patches as part of your normal patching cycle.

• Database Access Monitoring – The first step to securing information on your databases is being able to report on access to personal / confidential information on your databases (e.g. medical information and credit card information) so that you can identify who is accessing this information and consequently which users may have been granted inappropriate access rights. Rules may also be configured to block unauthorised access to sensitive information.

In addition, products such as Safenet Datasecure can be used to overlay best practices for database encryption key management and access control. Key management products protect your organisation’s encryption keys and provide a straightforward means of backing them up securely from a central point.

Technology to implement robust data security is not cheap, but withe the Information Commissioner handing out increasing penalties on those organisations that fail to protect personal information, companies need to seriously consider their risk profile and whether some form of data protection may be a wise investment taking into account the potential cost of breach notification procedures, loss of reputation or worse.

Small Business Security

IT Security is a difficult subject for small businesses. We all know that security is important, but because IT Security isn’t directly responsible for putting money into your bank account, it often slips down the priority list of things to do.

The fact that IT Security is lower down the priority list in small companies makes them a soft target for cybercriminals. They are far easier to target than larger companies, and yet many small companies hold data from larger companies as part of collaborative projects.

Every company, large or small needs to assess their IT Security risk. The choice of how you implement it is of course down to you. You can “Do It Yourself”, choose a service provider, or turn to the growing number of cloud security providers that now exist.

Cloud security offerings are very attractive for small companies. There are no setup or management costs, and you pay only for what you need, allowing you to continue to focus on your business. They take a number of different forms, including hosted web filtering, hosted antivirus, hosted email security, hosted web application firewall, hosted two-factor authentication and even hosted vulnerability assessment to allow you to test your internet facing web servers and networking devices against the latest known attacks.

If you have suffered a breach, you have probably already given consideration to what level of security is appropriate for your company, how to implement the solution and how to manage it. If you haven’t , then now is a good time to be proactive, and review your firewall, endpoint security and data security defences in view of the new technology that has been introduced over the past few years.

Free trials are available for the majority of technology that you want to consider, and we are always happy to offer good advice on the sort of products that you may want to consider to protect your business.

Should You Allow Online File Storage?

In 5 years, Dropbox, the online file storage company has grown to a user base of 50 million users worldwide. That’s great news for their founders Drew Houston and Arash Ferdowsi, but not such good news for network security managers!
Online file storage is simple to use, and incredibly convenient if you need to access files both in the office as well as from home or on the move. The disadvantage of many of the services that were originally designed for consumer use however, is that you can lose control of your data security.
Since consumer online file sharing systems were not designed with the business user in mind; there is often little or no provision for central management, and storing data in US data centres renders it open to examination under the US Patriot act. Storing personal data outside the EU also runs the risk of landing you on the wrong side of EU data protection legislation in the event of a data breach. We think that businesses need to consider their policy on online file sharing and whether consumer file storage services should be blocked using an application firewall.
On the other hand, employees are using these services because they help them to do their jobs more efficiently and be more productive, so a better answer is to provide users with better tools that offer superior facilities than those provided by consumer online storage. Products such as Accellion and Trend Micro Safesync for Business provide cloud storage that can be managed by your IT staff. They employ the highest levels of data protection to secure your information in European data centres, and to protect against insecure passwords, you can also implement two factor authentication to positively identify users connecting to the service.
Both Accellion and Safesync for Busines also provide additional tools for online collaboration, allowing you to send files securely to your clients and business partners, and collaborate on project documentation. If you want to know more about how your company can take its first steps into the world of cloud computing, why not give us a call?

Introducing the Next Generation Proxy Server

The Internet has been with us for over 17 years now, but companies still need to make sure that the Internet supports their business rather than detracts from it. Web security needs to rise to the challenges presented by today's technology trends rather than trying to plug IT Security gaps by fitting yesterday’s square pegs into today’s round holes.

The major change in Internet usage that has taken place over the past 2-3 years has been the arrival of social media such as Facebook and YouTube. At the same time, cyber-criminals have turned from email to the web as a means of disseminating their malicious code that it designed to take advantage of unpatched workstations on your network to obtain your employees' personal login credentials. Simply installing web filter software doesn't adequately address the demands for web security that now arise. More granular controls are required for web security that allow companies to market themselves using social networking whilst protecting themselves against the new generation of web threats.

SonicWall firewall appliances not only provide companies with firewall security, but also URL Filtering, antivirus, and control over web applications such as Skype, Facebook and Spotify. It is even possible to permit access to Facebook to update company marketing information whilst blocking the ability to play Facebook games. If however you want to make sure that you have the highest level of web protection against today’s zero-day threats, you need to look at the current generation of proxy servers.

Trend Micro Interscan Web Security and McAfee Web Gateway both go beyond traditional web filtering in providing protection against zero day threats spread by “drive-by” infections. They examine the behaviour of executable code that is downloaded from the internet and simply block the delivery of any code that appears to perform potentially malicious actions. By blocking execution of the Java / ActiveX code that is used to run exploits against unpatched workstations and laptops, you are able to go a long way to preventing prevent the installation of Trojan applications on your company’s systems.

Getting The Best From Your Endpoint Security Software.

I hope that it’s safe to assume that anyone reading this blog has at least some form of antivirus software installed! If nothing else, we now seem to accept that it is a good idea to use commercially available endpoint security software such as McAfee Endpoint Protection or Trend Micro Worry Free Business Security to protect against malicious code that is inadvertently downloaded from the Internet.

Today’s endpoint security suites however have so much more to offer than virus protection, and although some of the new network security features such as zero day threat protection are turned on by default, many companies don’t seem to be exploiting the protection that they have paid for in their endpoint protection subscriptions to its fullest extent:

Host Intrusion Prevention

Intrusion Prevention is not a technology that is just for government and finance companies. It can help to protect every PC from network layer attacks, as well as identify rogue software that has been downloaded to your PC’s through an exploit run against unpatched software.

Personal Firewall

We seem to understand the need for personal firewalls for users who connect back into company systems via a VPN server, but many companies still don’t configure firewalls for in-house workstations. Using a personal firewall on a company network does require some extra configuration, but it also serves as a last line of defence when spyware or malicious code ends up on the user’s PC as it can prevent unauthorised applications from accessing the Internet.

Device Control

USB Smartdrives enable users to carry round their own personal desktop and applications and launch them in your company’s machines. Not only that, but a quick search for applications for USB Smartdrive applications includes a multitude of hacking tools as well as porn viewers. Are you really sure that it’s such a good idea to allow users to plug their own USB devices into your workstations and laptops? If you do choose to implement device control, you may need to provide “authorised” storage devices for your users, but it could save you from a costly data security breach or malware infection.

If you are still only using your endpoint security software for virus protection, take a few minutes to read the documentation to see what else is available to you to improve your PC Security.

Home Working for the Olympic Games

The Olympics are soon to be upon us. For a period of 6 weeks during the summer, the world’s finest athletes will compete for the highest honors that their sports can bestow, but life for people who have to work in and around London just gets a little trickier. All companies around the capital are being urged to provide for home working for the duration of the competition.

Remote Access

Many companies have already installed a remote access server to provide access to their company networks for mobile users, but for those that haven’t, a secure remote access solution can cost less than you think. The SonicWall SRA 1200 SSL VPN appliance can be installed for under £1,000, and Two Factor Authentication no longer requires users to carry separate devices to prove their identity when they access the company network. Safenet SafeWord 2008 can use either SMS to distribute one-time passwords, or smartphone apps for iPhone / Android devices. For companies who are looking to review their remote access systems, VPN Servers such as the SonicWall EX6000 allow you to temporarily burst the number of concurrent user connections that you have available to provide for travel disruption due to the Olympics or more often snow. Transport delays no longer mean that your employees have to be unproductive.

VPN / Firewall Appliances

Some companies may also find that a new firewall appliance is the way forward for them. The SonicWall NSA 3500 VPN firewall appliances don’t just keep the bad guys out ... they also let your staff access your network securely using SSL VPN and RDP. This allows your staff to work as easily from home as they can sat in your office, and with the falling cost of firewalls over the past few years, a new firewall needn’t break the bank.

Cloud Storage

As an alternative companies may also want to give consideration to the use of cloud storage that is accessible both from the office and laptops / tablet devices. Services such as Trend Micro SafeSync create a folder on your PC / Laptop into which you can drag and drop files and folders that you can access from a home PC and even tablet devices. You can even set up online collaboration facilities to allow your project teams to share files securely using any device that has an internet connection.
There is still time for you to install a home working system before the games start, but make sure that you allow some time just to sit back and watch the greatest show on earth.

Security and Social Networking.

Social media is here to stay despite the challenges that it presents for web security. So perhaps it’s time to take a long hard look at your network security defences and see if they are up to muster in these days of social networking and web applications?

The Web Application Dilemma

Web applications have changed the game as far as IT Security is concerned. The problem is that social media has a growing number of legitimate business uses. Organisations of all types are increasingly using social media to connect with both the public and their customer base. Yet social media sites are also targeted by cybercriminals as a means of getting their malware onto your employees  PC’s.  You also have to ask whether you want to give your staff access to Facebook for legitimate business reasons without at least having some control mechanism that will prevent them from playing Facebook games when they should be doing the job that they are being paid for.

Bandwidth Considerations

An increasing amount of internet content comprises streaming video and audio. Much of this is “good” video being used by companies to deliver marketing messages and technical previews of their products, but too much streaming media coming in through your internet connection can mean that your company extranet and secure remote access services suffer. In an ideal world you should therefore have a way of not only having an “on or off” switch for streaming applications, but also a throttle mechanism to allow you to keep a proportion of your internet bandwidth available for more business critical applications.

Good and Bad Web Applications?

So Facebook is good (with appropriate controls), YouTube is good (in moderation), but what about the plethora of other web applications? Should your users really have Spotify streaming their favourite tunes to their desks? Applications such as Dropbox are great for personal usage, but you have presumably spent a considerable amount of money over the years in software to make sure that your email is virus-free, and Dropbox has just bypassed all of your carefully constructed gateway security!

Is It Time To Overhaul Your Firewall?

The real answer to all of these issues is to upgrade to a Next Generation firewall. Next Generation firewalls from SonicWall and McAfee provide you with visibility of web applications passing through your internet gateway and allow you to regain control of your internet security. The first step is to be able to audit what traffic is passing through your firewall. Armed with this information, you are able to take informed decisions as to whether a specific web application should be allowed through your firewall, and if the answer is yes you can then decide whether to scan it for internet borne malware (even within an SSL encrypted tunnel), as well as whether to apply either a bandwidth or time of day policy. All of this can be implemented on a per user basis if appropriate.

Social Networking Can Be Controlled.

The advent of the “Web 2” world comprising social networking sites, web applications and streaming media presents some significant challenges to maintaining the security of your networks, but major manufacturers such as McAfee and SonicWall have addressed these new threats through McAfee Firewall Enterprise and the SonicWall NSA firewalls respectively. If you would like some advice on implementing a Next Generation Firewall solution, please contact us.