B.I.T.S. Partners to Provide Hosted Phone Solution

I have talked many times about cloud based services and their benefits. I have also discussed in previous newsletter articles the merits of VoIP and Hosted VoIP solutions. I am thrilled to announce B.I.T.S . has recently partnered with David Fisher of Unified Card Communications and Comm-Core to begin providing our clients with a powerful, flexible, affordable Hosted IP/PBX solution.

The hosted VoIP solution works by providing phones as endpoints just like a regular phone system. The difference is that unlike a regular phone system there isn’t a big box on the wall with a bunch of wires coming out of it that you have to buy. The phones connect over the internet to a software based phone system hosted in the cloud. Phones can be placed anywhere you have an internet connection and can be connected using the same existing connections to which your computers connect. Because the phones connect to the phone system over the Internet they are inherently mobile, making it easy to work from home. This mobility also means that disaster recovery is built in. If you can connect the phone to the internet you can work. This portability coupled with features like auto attendant allows you to never miss a call. Whether you are traveling or your office is down, your customers will never know the difference.

The Comm-Core solution gives you all the features of a large enterprise phone system at a fraction of the cost monthly. You can lease the phones and other hardware needed to get started or buy it all outright. The choice is yours. One of the more unique features of the Comm-Core system is that they install a separate router on your network dedicated to providing the best quality of service over the Internet they can at each site. This router is part of the equipment lease and is well worth the investment to guarantee clear consistent calling.

If your phone system is getting older, it is more of a liability than an asset to your business. The older the phone system gets the more likely it is to fail and the harder it becomes to find parts and support for the system. With a hosted VoIP solution, every time the provider upgrades their system you automatically get an upgrade. Then the only hardware to replace is the phone, and because the system is so flexible nearly any IP based phone can be configured to work. Give us a call to get a free estimate on a hosted IP phone system for your business.

The Risk of Running XP after April 8, 2014

Windows XP is, in the opinion of many, the best operating system Microsoft has ever produced. On April 8, 2014 Microsoft finally ended support for the aging operating system. This venerable operating system continues to function just like it always has, steadfast and resolute; however, now danger lurks in every shadow, ready to make Windows XP an intolerable security risk. Surfing the Internet, reading email, and even putting a flash drive in the USB port could lead a security breach against which there will never be a defense. Antivirus and firewalls can help stave off many threats; however, when the core of the operating system is vulnerable because it can no longer be patched against threats tools like firewalls and antivirus that rely on information from the operating system cannot be entirely trusted to keep your data safe.

Twenty days after the last patches for Windows XP went out, a flaw was found in Internet Explorer versions supported by XP. These Internet Explorer versions running on XP will not receive any patches due to the fact the operating system is unsupported. What makes this flaw even more dangerous is the media coverage it has received. Major news outlets have been reporting on the flaw since FireEye made it public, news outlets like ABC News, Time, the Washington Post, Fox News, and even BBC. This is the first of many security holes that will continue to be punched in the operating system never to be plugged.

Another threat to the security of Windows XP is the continued patching of modern operating systems like Windows 7 and 8. Attackers routinely reverse engineer Windows security updates every patch Tuesday to develop ways to exploit these flaws in unpatched systems. How can patches for other newer operating systems affect Windows XP, you may ask? All versions of Windows share some common code. Microsoft doesn’t start from scratch with each new operating system it releases. In fact, according to a broadcast I watched, Microsoft stated that between July, 2012 and July, 2013 45 security patches were released for Windows XP. Of those 45 security patches 30 also affected Windows 7. Just over 66% of all the security threats discovered for Windows XP in that time frame of 1 year affected modern and legacy operating systems. If that trend continues over the next year, every month Windows XP will become more and more of a target.

The best course of action when deciding how to combat this threat is, of course, to migrate to a newer supported operating system. If that is not an option, taking your Windows XP clients off of the network and physically separating them from the rest of the world is the next best thing. Virtual machines not allowed to access the Internet are also a valid solution. If your XP systems have to be connected, the only way to protect your data is to perform multiple, regular offline backups of the system and the data to ensure you can revert to a previous version any time the XP system is compromised. Call me for a free basic assessment of your Windows XP systems and for a recommendation on how best to migrate to a more secure environment today.

Securing Your Internet of Things

Some of you may have seen or heard about the Ohio family that had their Internet connected baby monitor hacked. If you have not read the story, you can read it here (http://bit.ly/1hv4Z5B). With 3 small children at home, this story struck a nerve with me. I frustrate my wife to no end with the security I set on the tech in our home, but that doesn’t always mean I maintain that security the way I should. This story however drives home the point that not being diligent in securing your home technology could leave you exposed.

Here are some tips to help you keep your internet connected devices and accounts at home more secure. First make sure you change the password on any new device you connect to your home network or WiFi. This includes your router, internet cameras, computers, and anything else you connect. Make sure when you set up your WiFi you secure it using a long, strong password. When you get a new device, check with the manufacturer to see if there are any updates available to download and then continue to check regularly to make sure your hardware is patched and secure. If your hardware manufacturer does not update their products, it might be a good idea to find another product. You could also write to the manufacturer or find them on social media and insist they provide at least security updates for the products they sell. Finally, change your passwords on your devices and accounts regularly and don’t use the same password on all of your devices and accounts.

It is important to be proactive in securing your home network. The hacker in the story I shared was more of an annoyance than anything else, but just like they mention in the story any device on your home network that an attacker can access is a place from which an attacker can stage more attacks from. Remember, similar plans should be in place at your office to make sure your equipment is patched regularly and that the passwords are changed to help prevent an attack.

Heartbleed

It’s been all over the news. It’s been called the largest security threat on the Internet ever, and it’s called The Heartbleed Bug. The Heartbleed Bug is certainly a serious vulnerability affecting web sites and services across the Internet. This bug is found in a specific version of a software called OpenSSL that is used to secure communications over the Internet like email, web sites, and some VPNs. The affected version of OpenSSL exploits a flaw in a part of the secure communication called the heartbeat. When an attacker exploits this flaw, information stored in the memory of the server leaks or bleeds back to the attacker’s computer. Since the bug was made public, fixes have been being applied all over the web by users of this OpenSSL service. What makes this different from a lot of other security bugs is the fact that it was introduced into the software in 2011 and use of this exploit leaves no trace on the system that was attacked. This means nearly every user on the internet has likely used a service that relies on OpenSSL and there is no way of telling who has been compromised.

After the bug was made public, major IT companies around the world launched into testing their products to determine if they were affected. Companies like Microsoft who do not use OpenSSL directly informed their customers via blogs and social media that their products are unaffected. Cisco for example did have some products affected and posted lists within 48 hours of what products are affected and what products are not. Cisco also began to release information about how to mitigate the risk until they had a fix available. Most technology companies took this risk very seriously and responded very promptly to the potential threat in a way that only the internet could allow. Many SSL Certificate Authorities are affected by Heartbleed and have instructions on their websites about how to ensure that the SSL encryption keys you purchased are safe and secure.

Most online service providers that make use of SSL for securing their content have recommended that users change their passwords immediately and also again once the service provider has finished the process of patching their systems. For those of us who have purchased our own SSL certificates, most Certificate Authorities have all patched their systems. These Certificate Authorities recommend that you log in to their servers and go through a process called re-keying your certificates. Each one has its own set of instructions but in general the steps are the same.

After following the news around this bug development I recommend that you log on to your banks, email providers, and any other online site you use a password for and change your password. Yes, even your Facebook password! If you have a website or have any secure content of your own on the web you should contact the service providers you work with to see if they were affected and follow any instructions they have to ensure your data stays safe. If you are unsure, call us and we will be happy to help you determine if you or any of the services you use was affected by The Heartbleed Bug.