Microworks Renews Microsoft Partnership
UPDATE | 2019-01-30
Microworks is pleased to announce our renewed partnership agreement with Microsoft for 2019. With this agreement, Microworks technical staff study and certify their expertise in Cloud Technologies, Office applications, SharePoint, and network technology. Microsoft provides exclusive access to fast track escalation technical support, and full access to testing and development tools.
Kendall Lougheed, Microworks, President, remarked "This marks 18 years for our work with SharePoint, 25 years for web internet technology, and 30 years for network computing.
Martin Lougheed, Microworks' General Manager, stated "We depend on Microsoft training and support so we can confidently design, build, deploy, and support Microsoft solutions in the cloud and on premise."
SharePoint Saturday - November 10, 2018
UPDATE | 2018-11-10
Microworks is pleased to once again sponsor the 7th annual SharePoint Saturday Ottawa!
SharePoint Saturday is a free day of presentations on a variety of topics related to all things SharePoint.
This is a free event, but you should register to help the organizers plan for the free breakfast and lunch.
Go to the SharePoint Saturday Events website to learn more and register. http://www.spsevents.org/city/Ottawa
Innovation vs Maintenance
Nothing in IT is more rewarding than giving clear value to customers. Managed services with Service Level Agreements (SLA’s) that govern performance is one example. System management tools, preventative maintenance, and formal processes like ITIL help to drive, maintain and increase that value. But we have always wanted to do more than that. We want to understand the customer and help them achieve their goals and objectives. Given that their systems have to be up and running well, innovation starts with understanding the customer’s business strategy, long term plans, and their secret sauce.
Can IT and IM improve information flow or identify better processes? Can we use Balanced Scorecard and IT to innovate plans and processes for customers, stakeholders and employees? In a way, SLA management focusses primarily on approaching 100% up-time. It can never get better than that. Whereas innovation focusses on improving productivity, and renewing customer and work management processes. IM and IT innovation goes beyond SLA maintenance, striving for 110% and beyond.
New Security Assessment
Microworks is pleased to announce its next generation IT security assessment framework. We have broadened this very successful service to include:
- Network security
- Server security
- Physical security
- Email management
- Website, extranet, and intranet
- User devices
- System backup and recoverability
- User management and directories
All businesses are facing increasingly serious security threats, such as the recent global ransome-ware attack. Contact us today to learn more about protecting your information systems. Email us at email@example.com, or call 613.786.3200.
True Stories of Data Loss
Being a 7/24 IT support provider for over 30 years, we meet a lot of new customers suffering an emergency. In most cases, a little more planning would have gone a long way to avoid the crisis in the first place. Here are some typical stories:
"We are moving to the cloud and we ran into problems. Now, we need to roll back until we fix the problem, but the backup disks and the old server seem to have the wrong information."
The bad news… External backups had an incomplete SQL Server dataset. Six months of history was nearly useless. The old server was erased by the cloud migration team.
"We were backing up to the cloud every day so we'd have an online restore point if we ever needed one. We've been hit with ransomware."
The bad news… The ransomware also encypted the cloud storage and you don't have any backup copies. Now, it's pay or lose everything.
"We accidently deleted critical information six months ago when we did our year-end processing. We only have one month of history."
The bad news… Your provider has been routinely overwriting your data history.
Here is my best advice. Define your data retention needs so you know what to keep and how long to keep it. Only off-site storage can protect you from fire, flood, or theft. Offline storage and lots of history will help protect against the encryption-malware bad guys.
Define how much you are prepared to lose and how long you can wait before recovering data. These are called recovery point objective (RPO) and recovery time objective (RTO).
Personally, I like tapes. They are a pain to manage but they can be stored and are resistant to physical damage. By default, I recommend a complete backup at least every day for a month and every month for a year, plus every year for 7 years. Better yet, define a retention schedule that meets your business needs, legal requirements and risk tolerance.
Malware and Online Security Threats
Canadian businesses will soon be compelled to report cyber crime to the Office of the Privacy Commissioner of Canada. Compulsory and rapid reporting can help warn other potential victims whose identity and financial information are at risk. Cyber criminals collect lists of customers, credit card numbers, and personal information for later use.
Ransomware from email attachments is the biggest threat, preying mostly on companies that do not backup their files each day. Many companies simply backup to a single drive, not knowing they are still vulnerable. Victims are surprised, thinking they had adequate security from their anti-spam software.
Being a victim is harsh, humiliating, and expensive so it is no surprise that most crimes go unreported. It makes companies look incompetent. There will be potential liabilities to customers whose personal information was stolen. It's estimated that under 10% of companies now report a cyber crime.
Malware attacks are increasing, but so are the countermeasures. Top providers collect data from tens of thousands of sources then automatically publish the latest intelligence directly into email servers and vulnerable sites. Prevention can be minutes away.
Here is some quick advice.
- Be sure to use well established anti malware/spam providers.
- Install email gateway servers on the perimeter of your network.
- Make sure your firewall gets regular updates on vulnerabilities and malware sources.
- Make sure you have plenty of backup history on different media in different locations.
Securing your corporate information
Malicious attacks, including data theft and ransomware, are becoming more frequent and more severe. We are reading about them every week in the news. Symantec reports Canadians are experiencing attacks an average of 1,641 times a day. The U.S. Computer Emergency Readiness Team (CERT) maintains an online database of current vulnerabilities. The RCMP is tracking threats and scams that are reported on their website. At Microworks, we most often deal with ransomware that locks data drives until a ransom is paid. Recently we have seen ransomware that can also bypass anti-spam and anti-malware filters.
An ounce of prevention
Here are some tips that will help keep your computers running safely:
- Email: Make sure you have up-to-date name brand anti-virus/malware/spam software on client and servers. The better software provides dynamic updates and intelligent threat protection. Force more complex passwords. Educate your employees on email usage policies.
- Firewall: Use a new generation Cisco or other major firewall with intrusion detection and inspection, not just port filtering.
- VPN: Remote access to your network should use strong encryption AND authentication. This means encrypt the conversation and make sure each end of the tunnel is who you expect it to be. Use Transport Layer Security (TLS), or better yet use IPsec.
- Website, extranet, intranet: Make sure to use TLS for your public and private web pages, not SSL because it has serious flaws.
- Mobile devices: A laptop brought home or to a coffee shop could be directly accessed by malicious software and there will be no intelligent firewall protection. That same laptop can bring intrusion software right into a corporate network that lacks internal monitoring, resulting in other computers being infected.
- Wireless Access Points: Use at least WPA 2, and even better, also use Radius authentication.
Backups, backups, backups
Backups will not prevent data theft, but they are an excellent hedge against ransomware. As of this writing, none of our customers had to pay a ransom because of good backup practices. Keep a lot of history to withstand an intrusion designed to appear weeks or months later.