Thursday, 07 September 2017 / Published in News
Hurricane Evacuation for your business

Hurricane Evacuation checklist for your business

Evacuation Preparation

In light of the storms heading toward the Gulf of Mexico, ComSolutions wanted to share a few reminders to help make things a little easier when an emergency arises.

  • Please note the following.  If you are bringing your server or computer equipment with you or just want to leave it in place,  please be sure to follow proper shutdown procedures. Remember that it is never safe to power a server off without following a specific protocol. To prevent damage, there is a specific order in which your equipment should be shutdown. If you’re unaware of how to shutdown your server or equipment orderly,  CSI would be happy to assist. Please call our office at 504-224-9475 Ext 2 or email csiteam@comsolutionsusa.com to schedule a call or an on-site appointment.
  • If you plan to work while out of town, here is a basic kit that can make working on the road easier:
    • Plastic storage bin to carry the following
    • Extension cord / surge protector
    • Network switch and RJ45 patch cables
    • Wireless router or WiFi HotSpot
    • External drive(s) or NAS unit that we have identified.
    • A list of all of your vendors, customers, and primary points of contact
    • A copy of your insurance policies, agents phone number, and your business checkbook in the event of relocation.
    • Setup an employee social media page for emergency communications
    • Call ComSolutions at 504-224-9475 Ext 2. with any questions
  • If you already have a cloud disaster-recovery plan with CSI, please call us so we can schedule a phone interview or appointment to review this. Remember to stay safe, keep us informed of your plans, and keep our contact info handy should you need any assistance.
blank
Wednesday, 29 March 2017 / Published in News
blank

World Backup Day 2017

March 31st is World Backup Day, but it’s important to backup more than one day per year!  Here’s why.

Data can be lost in a number of ways including:

  • Operating systems crashes
  • Data corruption
  • Hardware failures
  • Lost or stolen devices
  • Natural catastrophes including fires, flooding, etc.
  • Viruses
  • Accidental file deletion
  • Failed or incompatible upgrades, patches, or other improvements to your system
  • Deliberate sabotage by a disgruntled employee
  • April Fools Day pranks gone too far… one more reason to do backups on March 31st

Remember don’t just back your data up, have a backup plan! This means having a comprehensive strategy for dealing with all of the above.  Your backup plan should include solutions to all of the following common problems:

  • If your entire workplace is destroyed by a catastrophe, do you have an off-site copy of your data to work from?
  • Do your backups go back far enough to insure that you will have a good copy of your data, even if a virus or corruption gets saved to your most recent backup?
  • Do your backups include all of the system settings required to restore your work to a new device without having to undergo lengthy reconfiguration issues?
  • Do you have a place to restore your data and software to?

 

 

 

blank
Monday, 30 January 2017 / Published in News
blank

blankCAN EMERGENCY RESPONDERS FIND A 911 CALLER IN YOUR ORGANIZATION?

E911 Legislation and Compliance

As of 2017, your company or institution can be legally liable for 911 calls that fail to provide the correct location of the caller.  As of December 31, 2016, if your system does not meet these standards, you have a legal obligation to change your phone system immediately in order to avoid stiff fines and penalties ranging from $500.00 to $5,000.00 per offense.

What does E911 compliance require?

  • Calling 911 cannot require an outside access key such as having to press * to dial out (common in hotels and offices).
  • A call to 911 must relay the detailed, physical location of the phone down to the room number, floor, or office number.  Police, fire fighters, and paramedics use this exact information so they are sent to the correct location, avoiding any delay reaching the emergency.
  • If disconnected, emergency dispatchers must be able to call the phone back directly without getting an auto-attendant, answering service, call center, or remote switchboard.
  • 911 calls connect to the agency within closest proximity to the caller — not the central phone system’s location (e.g., corporate headquarters).

These safeguards are already built into our VoIP phone systems, but if you are unsure if your phone system meets these specifications, give us a call and we’ll make sure that you are covered.

blank
Wednesday, 16 November 2016 / Published in Social-Media
blank

cuStomer friEndly suppoRt innoVative positIve preCise timEly : SERVICE

blank
Friday, 23 September 2016 / Published in News
blank

blank

Yesterday, Yahoo confirmed claims that 500 million user accounts were stolen as of a 2014. The data that was compromised includes names, emails, passwords, telephone numbers, and the answers to account security questions. If your account is one Yahoo suspects was compromised, you’ll be prompted to enter a new password as soon as you log on. If you use the same password on other accounts, you should change those, too.

How to Minimize Risk

While there is nothing you can do to prevent these breaches, there are a number of best practices that you can use to prevent exposure from these kinds of attacks:

  1. Pick better passwords:  When information gets stolen, the time it takes the hacker to decipher your password is directly proportionate to how common and complex of a password you are using.  Avoid common passwords and patterns such as “12345”, “qwerty” or “password” and if you use any actual words in your password, pair them with a few random letters and numbers as well.
  2. Change Passwords Often: Often times these attacks don’t become clear until well after the data is stolen, but if you change your password often, the stolen information will likely be outdated by the time the hacker tries to exploit it.
  3. Never Reuse Passwords: Just like changing your password can prevent stolen info from being used against you, reusing old passwords can re-open you to risk from old breaches.
  4. Update Security Questions:  Just like passwords, these can be stolen and used against you as well.
  5. TWO-FACTOR AUTHENTICATION: Adding a second type of authentication, like a one-time code sent over text message, can greatly secure your online accounts making them hard to get into even if your information gets stolen.

Contact us today to find out more about how to secure your company’s online accounts.

blank
Monday, 08 August 2016 / Published in News
blank

crypto-banner

With the increase in frequency of Malware and Ransomware attacks over the past few months, we felt the need to make our clients aware of this threat and offer a best practices summary to assist our clients in defending their networks.

What does it look like and how does it work?

There are different types of ransomware. However, all of them will prevent you from using your PC normally, and they will all ask you to do something before you can use your PC.

They can:

  • Prevent you from accessing Windows.
  • Encrypt files so you can’t use them.
  • Stop certain apps from running (like your web browser).

They will demand that you do something to get access to your PC or files. We have seen them:

  • Demand that you pay money.
  • Make you complete surveys.

Often, the ransomware will claim you have done something illegal with your PC, and that you are being fined by a police force or government agency.  These claims are false. It is a scare tactic designed to make you pay the money without telling anyone who might be able to restore your PC.  There is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again.

illigal-warning

Prevalent ransomware

Crowti (also known as Cryptowall), and FakeBsod are currently the two most prevalent ransomware versions. These two families were detected on more than 850,000 PCs running Microsoft security software between June and November 2015.

Please remember once your files are encrypted, you cannot recover them but must restore a fully tested backup and also have removed the threat from your entire system and server.

attackTypes

What can I do to protect myself and my company?

  1. Always verify who the email sender is:
    If the email is coming from a bank, verify with your bank if the message is legitimate. If from a personal contact, confirm that they actually sent the message. Do not rely solely on trust by virtue of relationship, as your friend or family member may be a victim of a virus or spam campaign.
  2. Double-check the content of the message.
    There are usually errors or discrepancies that you can spot such as a claim from a bank or a friend that they have received something from you? Try to go to your recently sent items to double-check their claim. Such spammed messages can also contain an executable (.EXE) or ZIP file attachments. Never open .EXE, PHP, HTML or script file attachments within an email. Always confirm with the sender that any ZIP attachments are also legitimate.
  3. Refrain from clicking links in email.
    In general, clicking on links in email should be avoided. It is safer to visit any site mentioned in email directly.
  4. Refrain from clicking pop up ads on websites offering software upgrades.
    In general, clicking on popups should be avoided. You can contact the software vendor’s website or CNC to obtain an updates necessary for your software.
  5. Use a reputable Antivirus security suite.
    It is always a good idea to have both anti-malware software and a software firewall to help you identify threats or suspicious behavior. Malware authors frequently send out new variants, to try to avoid detection, so this is why it is important to have both layers of protection. Most malware relies upon remote instructions to carry out their misdeeds. If you run across a ransomware variant that is so new that it gets past anti-malware software, it may still be caught by a firewall when it attempts to connect with its Command and Control server to receive instructions for encrypting your files.
  6. Backup important data.
    Unfortunately, there is no known tool to decrypt the files encrypted by ransomware. One safe computing practice is to ensure you have accurate back-ups of your files. You will also need to ensure all data is being saved properly and guarantee your backups validity. Please contact CNC for your data backup options right away.

CNC advises that you do not pay the ransom

Paying the criminals may never get your data back. There have been plenty of cases where the decryption key never arrived or where it failed to properly decrypt the files. Plus, it encourages criminal behaviour.

We want to discuss the importance of having server images and solid backups of all data. This is the single most important part of your defence. CNC would like to review and verify the type of data backups you are currently using and then discuss our findings in detail. CNC will be reaching out to schedule an appointment and we would be glad to provide you with updated options for your system.

dont-pay

blank
Friday, 27 May 2016 / Published in News
thumbnail for Windows 10 Blocker

 

Banner for Windows 10 Blocker

Microsoft has been getting more and more aggressive with their upgrade to Windows 10, but it is important to make sure that all of your important programs are compliant with Windows 10 before going through with the upgrade.  This is very important since there are a number of mainstream and proprietary business applications that have known compliance issues with this new OS.

Since Microsoft began offering free upgrades last year, reverting Windows 10 upgrades have become one of our most common tech support calls.  In many cases these were the unintentional result of Microsoft’s automatically scheduled upgrades.  There are several reasons why people have chosen not to go to Windows 10 just yet, but from a business perspective, the process of updating and then reverting Win 10 can cause a lot of down time.

If you have decided that your company would not benefit from upgrading, we have a couple of solutions that can disable Windows 10 upgrades on your machines until YOU are ready to make the switch.  The ideal solution, if you are running Windows Pro, is a server level patch that will disable the upgrade dialogues across your network.  Our remote technicians can also log into individual machines to prevent updates, we just need a list of those employees and a means of contact.

Love it or hate it, Windows 10 is eventually going to phase out 7 & 8, but this migration process should be done on your terms after your company has had the opportunity to prepare and test for the upgrade. Not because Microsoft decided to arbitrarily pick your name out of a hat.

If you are interested in blocking Windows 10 upgrades, give us a call at 504-224-9475 and we can do the rest.

blank
Thursday, 19 May 2016 / Published in News
Accessibility Required? Section 508, WCAG thumbnail graphic

Accessibility Required? Section 508, WCAG full width graphic

The legal requirement of websites to be handicap accessible has been a point of hot debate since the 90’s, but in August of 2016 (This decision has been deferred until 2018), that debate is finally expected to take a major turn in favor of our handicap community by requiring most websites to adopt the same handicap accessibility requirements as federally funded websites.

Understanding the new Section 508 Compliance Standard

In 1990, the Americans with Disabilities Act (ADA) changed the face of this country by legally requiring that places of public access be handicap accessible.  Now we see wheelchair access and handicap parking available for every restaurant, doctors’ office, entertainment establishment, and government agency.  At the time, however, the internet was so new that most people did not consider these companies’ websites as a necessary point of access for handicap individuals.

In 1998, congress released a list of legally required compliance standards that apply to all federal and federally funded websites that ensured that people with color-blindness, poor vision, total blindness, deafness, slow reading, paralysis, and seizure disorders could access these sites.  These standards came to be known as Section-508 Compliance, or more simply “508”.  The new 508 standard is not going to be a new law.  Instead, it is a decision expected to be made by the Department of Justice to consider websites as a “place of public access” since so many public services are now only available online.  Read more about this here.

What about International Compliance Standards?

While the United States was the first country to establish guidelines for handicap access, many other nations have chosen to adopt the more clearly defined international standard of accessibility known as WCAG 2.0.  If you do business internationally, please check this list of nations and territories to see if your website is required to meet accessibility standards under the laws of other countries.

If you are unsure if your website meets your legal obligation for Accessibility, or if you have other accessibility questions, please contact our Web Development department today!

*article updated on 11-22-16 to reflect the postponed date of this ruling.

blank
Thursday, 21 April 2016 / Published in News
No more QT on Win

noQTonWin

Since Apple officially pulled support for Windows QuickTime earlier this year, two major vulnerabilities have been discovered that significantly compromise the security of any Windows machine that currently uses QuickTime player.  While the discovery of such vulnerabilities is not uncommon in the IT industry, in most cases the publishing company will quickly release updates to fix these problems.  However, for discontinued products such as this, there is not going to be a solution.

Rather than waiting for these exploits to become more widely used, we are asking that all CNC clients remove QuickTime player from their Windows machines.  Since we expect QuickTime compatibility to quickly wain as a result of these developments, we also suggest converting your existing .MOV videos into alternate formats such as .WMV or .MP4 as soon as reasonably possible.

Does this affect you?

If you have QuickTime on your Windows computer, it affects you.  There are also many common places that your company may be using .MOV videos right now that could be effected by this issue:

  • Videos on your website will no longer play in browsers.
  • Training, Demo, and Product videos may no longer work after you remove the player, or may be playable by perspective clients.
  • Personal videos saved at home may also become unplayable after removing the player.

If you believe this issue might affect you or your business, Let us Know.

*For technical details on these vulnerabilities see ZDI-16-241 and ZDI-16-242.

blank
Tuesday, 12 May 2015 / Published in News
10 ways to avoid phishing scams

10 ways to avoid phishing

If you’ve ever been fishing, then you know that it is a peaceful experience.
But if you’ve ever been “Phished” then you can attest that
is not a pleasant situation to be in. Phishing is the act of an assailant accessing
the personal information of others with the intention of committing fraud.

Here at CNC, we have compiled a list of 10 ways to not get hooked by a Phisher.

  1. Invest in Email, Spam and Anti-Malware Tools.
  2. Communicate only via phone or trusted websites.
  3. Don’t click on suspicious links in emails from unknown senders.
  4. Don’t open attachments in emails from unknown senders.
  5. Never email personal or financial information.
  6. Never enter personal information in a pop-up window.
  7. Use a reputable anti-virus software.
  8. Identify fake phone calls.
  9. Never download files from unreliable sources.
  10. Utilize Google Chrome’s safety tool called Password Alert which notifies you if your google password has been compromised.