Avsnitt
-
I can't remember any meeting I've ever sat in with a potential client who asks us about our certifications. Most of our clients don't even know what those certifications are, or what's required to get that certification, and how it applies to them. When I was at EDS, yes. I had to get certified on certain things, you had to have specific certifications to move into different groups, to be able to do different things because they were so specialized in what they did. You don't see a lot of guys going to work there with a kind of a general knowledge. It's very specific and they must have those certifications.
Conversely, we rarely hire people coming from corporate or enterprise jobs. We find that their focus is a little too narrow and they don't have the kind of well-rounded knowledge that our clients require.
You know, our guys, our techs have to be able to clean a virus off a computer, as well as configure a firewall for security, and everything in between. So we tend to try to look for those guys that maybe know a little about a lot, as opposed to a lot about one or two specific things.
They can learn the things they need to learn to do our job. So our clients, on our level, don't typically care about certifications. They never ask. We don't really require them when we're looking to hire people. I'm not saying they're bad. They're great. Any kind of training you get is great. Any kind of certification proves that you're willing to learn enough about something to be able to get that certification.
Most of our clients, they assume since we've been around 20 years, we know what we're doing on the tech side. At that point, it's more of a, "How do we feel about each other personally? Do we get the "warm fuzzies?" Can we call your other clients? And talk to them?"
We pride ourselves on our personal touch that we have, even with our remote clients, the ones that aren't here in the metroplex, that we don't get to walk in their office as much anymore with the remote access, and the video calls. We still get to see them stay in touch and still have that personal interaction with them as much as we can without being on site.
It's funny, when I'm talking to new potential clients, I talk about that, that aspect of our business, about our personal relationships that we have with our clients. And it's so much so that, I've got keys and garage door codes to a lot of businesses and maybe even the owners house. They'll email and say, "Hey, my WiFi at home isn't working, or my wife's tablet can't do this..." Or I've gone into a client's house after Christmas and hooked up their kids X boxes on their network, or put in a wifi booster so they could watch Netflix in their bedroom and things like that.
So we have that personal relationship with a lot of our clients. We know their families and we really work with them on that personal level.
A lot of these clients, I've known personally for a long time. We were friends before we were business associates and business partners. But you know that kind of trend translates down to all my engineers and techs as well. And I try to make sure they understand that's part of the business too.
I'm a small business owner myself. And so, I understand the struggle. What they're going through. So, I get it, I can empathize with them and realte to the challneges of owning and running a small business. I think a lot of them appreciate that as well.
Do you need help, or have any questions? Give us a call!
Get all the links, resources and show notes at https://itoverdrivepodcast.com/16 -
Two-factor authentication or multifactor authentication is making a huge push over the past couple of years, but it's been around for a while. The reason it's making such a big push here lately is because Microsoft is starting to push that out to their Office 365 systems, which all of our clients use. A lot of businesses use it at all different sizes. All the school districts use it. It's a big player in the industry, and they're not requiring it yet, but they're highly suggesting it. And it's going to be a requirement, I think, from what we're reading and the way the industry is going.
It's a bit of a pain right now to set up. I think it'll get easier as they go through it. You typically have to download a Microsoft authenticator to your phone or some kind of mobile device. And when you go to log into your email or your cloud server, you put in your login ID, your password, and it prompts you on your phone and asks you, "Are you trying to log in?" And all you have to do is hit yes or no, or approve or deny.
In fact, we're actually working on a document right now. We're going to send to all of our clients with a recommendation to enable multifactor authentication on their Office 365 accounts. And if they don't want to do it, we're going to make them sign off on a piece of paper that they refused. And that if there are any breaches caused by this, that we determine that are caused by them not having the MFA enabled, that will be outside the scope of their contract. It's getting to be that serious. We have plenty of stories where if a client had multifactor authentication enable, it would have saved them a lot of time, hassle, and money.
Sometimes you get that notification, and you're you're you are trying to buy something. It doesn't go through, and you get the text or the email that says, "We saw this charge. Are you, you're trying to buy this?" Well, okay, it's approved, but you may have to put the charge back through and maybe call them back.
But I'm glad they do that, obviously, for the instances when you say, "No, I didn't charge a sombrero in Mexico City!"
Do you need help, or have any questions? Give us a call!
Get all the links, resources and show notes at https://itoverdrivepodcast.com/15 -
Saknas det avsnitt?
-
Your phone and tablets, those are a little easier to secure in that most people either have a pass code or face ID or fingerprint identification. That's pretty secure. That's about as secure as it can get out there. You can do face ID on your laptop with Windows now, and the same with Mac. They have a face facial recognition login, always great to activate if you have that option.
Another great thing to do with your laptop is to turn on full disk encryption. On a Mac it's easy. It's in system settings. You go, I believe it's File Vault and you just turn it on. Same with windows. In the control panel, you can enable BitLocker, and it will encrypt all the files on your hard drive. We highly advise all of our clients to do this.
Audits that our clients will send over either from one of their vendors or one of their customers is requiring this sometimes. We've had a couple from the IRS. We've had clients go through financial audits and as part of that, they've had to perform an I.T. audit as well.
And that's always the big question. Do your laptops have encryption enabled? It's easy to do. It's it makes it pretty much impossible to read the contents of your hard drive without the encryption key. And that's the kicker is people are afraid that they're going to lose the encryption key.
So if we manage it, we've got a repository that holds all the encryption keys. So that we can recover one if one's ever needed. You know that's our big stickler on laptops, you've got to enable that encryption. And then if your laptop gets stolen or lost, you leave it on the plane, somebody grabs it out of your car...
Then you're safe. It doesn't mean they can't format your drive and reload it. They can. But, when they do that, all the files are gone anyway, so you don't have to worry about it anymore.
Do you need help or have any questions? Give us a call!
Get all the links, resources and show notes at https://itoverdrivepodcast.com/14 -
When it comes to passwords, there's some pretty hard and fast rules on what you should and shouldn't use as far as length of password and types of characters. What I like to tell people, and what even a lot of our business clients have started doing, is use a Password Manager. I've been using one personally for years. I think most, if not all of our staff uses one, and we have a lot of clients we've started setting these up for as well.
The great thing about it is, it will store all of your passwords for you in an encrypted vault. And you don't even have to know what they are. In fact, I use one called Last Pass. And when I go to log on, for example, onto my banking site the first time, Last Pass looks and sees that it's requesting a password, and it will prompt me and ask, do you want me to create a password for you?
And if I say yes, it will create a highly secure password. I can tell it however many characters I want it to be, anywhere from eight to 128 characters. It will create the password stored in its encrypted vault. And I don't even know what the password is. I don't know what any of the passwords are to any of the sites that I go to or any of my systems.
All I know is my Last Pass master password, just that one. So when I go to a site, my banking site, it prompts me for my master password. I put in my master password. It goes into my vault, pulls the actual banking site password, which is 28 characters long, plugs it in and logs me in.
It also syncs to my phone. So if I want to log into my banking app on my phone or my credit card app or anything, I log into Last Pass, and I only have to know my master password. Listen to this episode if you want even more great password tips to make sure you don't get hacked. Many people get lazy and sloppy with their passwords, making it much too easy for hackers to break in. Don't let that happen to you!
Do you need help or have any questions? Give us a call!
Get all the links, resources and show notes at https://itoverdrivepodcast.com/13 -
The hardware you use your for businesses, a router and a firewall, switches, wireless equipment, all of this, even though it's hardware it also requires updating to keep security. Typically, for your computer, you have updates for hardware, but other hardware network pieces like printers fall into this category.
This is what's called a firmware update. And the difference is firmware is software that firmware actually resides on a chip, on a silicon processor of some sort within the hardware. So we do have to go out and download firmware updates for these devices and apply them.
You should be going in and applying those firmware updates to those devices and rebooting those devices on a monthly basis, just to keep them all on the latest version, and to keep them all on the latest security patches as well. A lot of people don't think about that.
If you were to go through a security penetration test, you'd be surprised at all the red you would see on your report from all of your hardware being out of date. There's a reason they update that software, hackers can easily get into that software exploit security holes.
And once they do that, they're on your network. Now they can start capturing network traffic. They can see whose computer is insecure and bounce over to that. We do monitor and maintain that for all of our clients as well.
And that's another reason we like to standardize on equipment. We always use the same brand of hardware or firewalls, for switches, wireless equipment. We use the same brand, same models as much as possible just to standardize it, which helps us to keep up with the updates for all of them, knowing what needs to be where.
And obviously within the last year with so many people moving and working from home, we've had to deal with that a ton and that sometimes can be an issue. Users need remote access to the office, or they need to have access to files. And sometimes it doesn't work. Not because something's wrong with the office network. It's usually something on their home network is outdated. Firmware hasn't been applied, it's old equipment and their remote access software.
At least the software we use requires those to be at a certain level and requires that security to be at a certain level before it can be used. And if it's not, it doesn't work. And 99 times out of a hundred, it's something on their home network that's causing the issue.
Do you need help? Remote worker access challenges or network access problems? Give us a call!
Get all the links, resources and show notes at https://itoverdrivepodcast.com/12 -
When it comes to backups, there are many methods out there, all at different price levels. We typically cloud our clients typically employ one of three methods. The first one, is kind of the old tried and true method. You can buy a couple of external little portable, external hard drives, and plug them into your server.
We run a little backup system software that backs up to these external hard drives, and you can swap them out typically once a week and put them in a fireproof safe or take them home to get them off site. So the worst case in that backup solution is if something happens to your server, you lose no more than a week of your data. Not ideal, but from a cost standpoint, it's cheap and works fine, but you're also reliant upon somebody to swap those drives out, take those drives home, or put them in the safe and make them secure.
And if that doesn't happen, then the backups don't occur. Or if there is a disaster and both drives are at the site, and you have a flood or a tornado or something happens in the server room, it doesn't do you any good if all of your backups are all sitting in one place. We may have a couple of clients that still do that, but we kind of cringe at that. We don't recommend it, but cheap guys are going to be cheap.
The next solution is just a cloud backup system. There's plenty of them out there that'll back up your computer to the cloud, and you just pay a monthly fee depending on how much storage. And they make those for businesses as well. And we do have quite a few clients that use that works great. It's automated, you set it and forget it. The files are backed up. You get a report typically every day saying yes, the backup was successful, or it wasn't successful.
It's still inexpensive. It doesn't cost that much per month, and you know that it's done, that it's taken care of, and you don't have to worry about it. To restore data takes a little time because you have to download it. And depending on your internet connection, it might take a full day maybe two, to download all of that. So you're talking about being out of commission for three, four days in a disaster.
Finally, the last one and the best system out is a true backup and disaster recovery system is called Datto. There are a few others out there. Datto is a pretty big player in the market and typically these are clients that can't afford to be down at all, business critical. It's a small server we place on their network. That server then makes an exact duplicate of their on-premise servers. It makes a duplicate of the operating system. The settings, the entire server, it creates what's called an image.
The great thing is it does this every hour. So if we have a client that creates a file at 10:00 AM and one of their other users deletes it at noon, we can go back and pull the file from the 11 o'clock backup. The nice thing is if their server were to crater, that backup appliance will actually fire up that server on itself, bring it up in a virtual environment. And 15 minutes later, they're back up and running until they can replace the hardware.
Do you need help staying secure or creating backups? Give us a call!
Get all links, resources and show notes at https://itoverdrivepodcast.com/11 -
Earlier this week we had a client who got phished. They received an email, and it looks like it's from one of their officers in the company. And the interesting thing was they had been emailing with this officer about a particular product sale they were working on with a client and the officer emailed the salesperson and said, "Hey, this client's agreed to buy."
"Please send them wiring instructions so that they can send over money to purchase our product. And here are the wiring instructions."
And so the sales guy said, "Sure, I'll send that right over." He forwarded that to his contact that he had been working with and that contact sent it to his accounting group. Who then tried to send $140,000 back to my client, a wire transfer. Thankfully their bank called them and said, "This looks a little fishy. Can you verify the numbers?"
So they went back through the trail, back to my client. Who went to the sales guy who went to his officer who said, "Nope, never sent that to you don't know what you're talking about."
How did this happen? After digging into his email, we found that he had opened up an attachment from a source which he didn't know, and had installed some virus malware on his computer and people had been able to get in.
The interesting thing they do here is they got into your email, and this is typically how it works, and they set up forwarding rules for anything to do with wire transfers, bank accounts, anything financial. Those emails never hit your inbox and get forwarded to the hackers automatically all in the background. And then the email gets deleted. So that person never sees it. Never even knows it was there.
And then they'll pull that wire transfer info. They'll substitute a form with letterhead, with the correct email addresses, with the correct names and obviously incorrect wiring information and email it out. You don't want to click on anything you don't know who it's from. Make a phone call first and verify that this is from who you think it is.
We had tons of security systems in place for them. We had a spam filter. We have antivirus controls, a firewall, and they were obviously not very happy. But there's nothing out there that is 100% secure. Nothing out there that is 100% full-proof that will stop every single thing coming through. So some of the responsibility does fall on the end customer and the end user to be knowledgeable. We send out a lot of training on this, but not everyone watches it.
So we suggest you make a phone call and just verify. In the long run, it'll cost you a lot less. Thankfully their bank caught it, and shut it down. Otherwise they would have wired out $140,000 to an overseas bank account.
Do you need help staying secure? Give us a call!
Get all links, resources and show notes at https://itoverdrivepodcast.com/10 -
A lot of people think their computer is secure, they may have a firewall and antivirus software loaded. But really the big key here is that Microsoft releases security updates for Windows, for all of the operating systems, including servers, once a week.
And even though you may have great antivirus software, you may have a great spam filter, you may have a great firewall, but if you're not keeping your updates on your computer, it's still very vulnerable. They push those updates out for a reason, mostly to patch security holes.
Some are performance upgrades. You know, some are functional upgrades. But most of them are to patch security holes in the operating system that their security team spends 24/7 looking for. Or, if other companies have found security holes, which is quite frequent, they'll send out patches as well.
So with our systems, and as part of our contracts, we actually have a utility that does that automatically. We can schedule that, and we actually test the patches to make sure it doesn't break other commonly used software. And once we feel good, we push those out to our clients' computers and servers. We do that after hours. We wake up all the systems. We push the updates they get installed and rebooted all remotely, typically, odd hours of the morning while nobody's in the office.
So it's extremely important to keep up with those. And a lot of people don't because if you don't have an automatic system doing it, that means you have to do it manually. And even though it may prompt and ask you to do it. Most people just say, "do it later, do it later, do it later." Because they're in the middle of something, and they don't want to install and have to reboot their system. Now, I've got to sit here for, for 30 minutes while this finishes. So that's why we do them after hours and automatically, and they're done.
Do you need help getting it done and staying secure? Give a call!
Get all links, resources and show notes at https://itoverdrivepodcast.com/9 -
Obviously we made plenty of mistakes as I'm sure any business, trial by fire learning. The technical side tends to be the easy part, it's running the business that tends to be the more difficult part, especially for us tech types. We just want to get in and play with computers.
Today I'm sharing a story of a mistake I made early on in my business. Basically, with I.T. stuff, Murphy's Law seems to prevail. You know, "If it can go wrong, it will." And because of this, we have learned to budget in extra time for all of those unforeseen pieces of the project. Sometimes I call these "can of worms" deals, where you dive in, and one thing leads to another, and another, and so on.
It's always going to take longer than you think, but we know that. And someone dealing with their own I.T. internally isn't going to account for this, and suddenly find themselves losing even more time, and more money.
Listen in as I share a very educational experience and let me know if you've ever experienced something similar!
Get all links, resources and show notes at https://itoverdrivepodcast.com/8 -
I didn't start off as a computer guy, in fact, I was working in accounting and financial services. Today I share the story of how I fell into I.T. management. Or rather how I was invited into the position because, well, I was young and knew how to re-boot a computer when my co-workers were having issues. And later I was let go from my full-time I.T. position by my longtime friend and client who now says he started Herrod Technology, because I had no choice but to dive into the business and make it work. Before long, I was busier than I had ever imagined and the rest is history.
Listen in to the story of how Herrod Technology was born almost 20 years ago. We've come a long way and helped a lot of great businesses. Let us know if yours is next!
Get all links, resources and show notes at https://itoverdrivepodcast.com/7 -
Ransomware is back in the news. Over the July 4 holiday weekend, small businesses around the world were targeted by hackers demanding ransoms. These supermarkets, schools, libraries, and dentists were unfortunately vulnerable to an attack such as this, which is more common than you would imagine. And this case shows these are skilled, persistent and determined criminals.
In today's episode I recall another ransomware attack and answer a couple of key questions that may be going through your mind. Firstly, you may be wondering, how did hackers break through our systems? Unfortunately, the personal experiences we have had with these bad actors were related to systems where we had suggested upgraded security, but for one reason or another the clients hadn't yet implemented our suggestions.
And another big question, one we hear all the time, is, "How do I know they will hand over the encryption keys when we send the money?" The answer is simple, they want to keep getting paid for similar activities in the future. They are afraid that if they don't hand over they keys when they get the cash, those who are hacked will stop handing over the money. Which is true.
Network security is a big deal. Hackers are out there and if you leave the door open, they will come on in and hold you hostage. Listen in and if you have any questions give us a call. We're happy to answer any questions and give a recommendation if you think this could happen to you.
Get all links, resources and show notes at https://itoverdrivepodcast.com/6 -
Network security is currently a hot topic, but it's always been big with us. Hackers are always working to find new ways to pry their way into business networks, unfortunately. And their goals are usually nefarious. Lately we've heard some high profile stories involving ransoms demanded from hackers using ransomware, which will lock your files until you pay up.
We certainly have solutions and systems for keeping these bad actors out, but we also have some experience getting access back after these criminals have hacked a network. Today I'm telling a true story of a ransomware event with one of our clients. This ended costing the client a lot more than if the software we had been recommending for quite some time had been installed.
This sort of thing doesn't just happen to big companies with super deep pockets. Often, smaller companies with older and weaker security systems in place make easier targets for these type of hacks. You likely won't hear about them very often, because these companies don't want their customers and prospects to know they were hacked, it would put a big dent in their trustworthiness.
Listen in and if you have any questions give us a call. We're happy to answer any questions and give a recommendation if you think this could happen to you.
Get all links, resources and show notes at https://itoverdrivepodcast.com/5 -
Obviously the big one right now is security. We're big on that. We like to come in and the first thing we do for new clients, even existing clients, we will run a full security assessment against their network. It goes out crawls through the entire network, hits every single device, does an in-depth review, and spits out a report. It takes about 48 hours so it's extremely in depth. It's a long report we go through and pare it down, parse it out, pull out the things that are important, the things we need to address.
This takes a lot of the guesswork out of it. It's a printed copy that says, here's where your pitfalls are, here's where your holes are and here's how we can plug them. Right now, the network security is the big one. The malware, the ransomware, these things are happening almost daily now and you're hearing about them in the news. There was a large hack that came down from Microsoft yesterday.
They believed the Chinese government threw this out there for their Microsoft exchange mail servers. We actually had an all hands on deck yesterday, going through our client's mail servers. Thankfully, a lot of our clients are using email in the cloud now, but we do have a few that do still run their own mail servers. We found three actually had the hack loaded on. And what we're reading this morning is there's about 85% of the servers that Microsoft has in the U.S. were hacked.
They basically went out and put in place the tools to do some damage, but haven't actually done anything. It was kind of a probe just to see if they could, and we were going in, cleaning those out, making sure there was no residual leftover after that. Pretty much the whole I.T. world was doing that yesterday.
So security is a big one for us, especially with our small clients. Providing security can get expensive quickly. We try to put together what we in the industry call a stack, which is a set of tools that allow the customer to have a secure network. We use the same brand model, typically, of firewall for all of our clients.
We found the one that we liked the best at the price point that our clients feel comfortable with. Same on the antivirus software side, the malware software side, spam filtering. We have this stack of utilities, software, and hardware that we can come in and sell as a package and works for pretty much every client that we have.
Get all links, resources and show notes at https://itoverdrivepodcast.com/4 -
We have a few clients that like to think of themselves as technically inclined, they like to tinker. They sometimes think they know that they know how to tackle their technology because they set their kids X-Box up on their wifi network at their house over Christmas.
Then they try to take that and apply that to their business. They get into it and find out, oh, this is not my home router and this is not the X-Box with the nice big screen and the controller. I can just pick my preferences out right there. That's one of the pitfalls we see, especially with, you some of our smaller clients who are looking to save money.
They want to do as much of this as they can themselves. They may have a guy on staff. It's typically the young guy that they'll go to, to try to troubleshoot things before they give us a call. And it always comes back to us worse than what we left it. So it takes a little longer to fix.
It costs a little more. And the guy that tried to do it, his production went down for the month because he was playing computer guy. It initially happens when someone has a new businesses or smaller businesses and they're, and they're really trying to cut costs, which means they're trying to cut corners.
And that usually means they're paying more in the end. So we see that quite a bit. Again, smaller clients, as they grow, they tend to kind of grow out of that. They tend to know, okay, well, I've got to focus on my business and my guys need to focus on their business. And, you know, I can't have my employees spending their days trying to troubleshoot things when I've got this other company here that can do it efficiently, have it done, and get us back on track.
Get all links, resources and show notes at https://itoverdrivepodcast.com/3 -
Are you getting your money's worth from the I.T. guy you hired? You brought him in, you can see him every day. You see him at eight and leaving at five and know he's here, which means he has to be doing something, right?
Once you factor in salary, benefits, vacation time, and everything that goes along with hiring someone, is it worth it? And you also have to remember that person can also leave at any time. (And technology guys are notorious for job hopping.) With an outsource provider, you get consistency. It's the same all the time, no matter what, and. The cost is always much lower than hiring in-house for a small to mid-size business.
When I'm out meeting with potential clients, the one thing that I focus on is establishing trust and a relationship, not necessarily the technical knowledge, which obviously we have, but I want to make them feel good about doing business with Herod technology.
I want to make them feel comfortable, feel like we're going to be a great partner for them, and this is going to be nice and easy, and they're going to have no issues. And they don't. Our turnover with clients is very low. I bet I can count on one hand in the last 20 years, the clients, we have lost due to them going to another provider.
I've got clients that have been with me since day one. And you know, they stick around because we see this as a relationship, not a business contract.
Get all links, resources and show notes at https://itoverdrivepodcast.com/2 -
Kicking off I.T. Overdrive where you can learn how to solve and prevent I.T. nightmares today, welcome! Host Kelly Herrod gives some background to Herrod Technology, the company he started 20 years ago to help small and medium-sized businesses with outsourced I.T services. Many smaller companies cannot afford to have a full-time I.T. person on staff, and they also cannot afford to be down because of technology or computer issues.
And even if you're big enough to have an I.T. person on staff, they have to leave for vacations or holidays, and that's when bad things tend to happen. Outsourced I.T. services can be your answer. Listen in as Kelly explains a bit about what they do and how they can help you avoid those issues which are bound to come up.
Get all links, resources and show notes at https://itoverdrivepodcast.com/1