Top Reasons Why You and Your Employees Should Be Using a Password Manager




Post on : January 11, 2018

Today, our workforce accesses a myriad of online services. Each of these services is protected with a username and password. Without proper tools, managing these passwords can be a security nightmare. Some of the obviously bad solutions:

  • Keep all usernames and passwords in an Excel file
  • Write all usernames and passwords on a small piece of paper hidden under the keyboard
  • Openly share usernames and passwords on a printed sheet, taped at the front of the office

Some of these may sound bad, but I have personally witnessed every single one. I have also seen worse!

 

Password Managers to the Rescue

Today there are several free password managers that are available to help solve the security problems associated with too many usernames and passwords. The solution also provides benefits to system administrators beyond simple security.

Our favorite password manager is LastPass. We also really like KeePass. Both are free and work really well. Check out their sites and choose which is best for you. If you already have a password manager that you really like, be sure to mention it below in the comments section.

 

Reasons to Use Password Managers

 

  1. Protect your accounts with better passwords – A password manager allows you to automatically generate random passwords with lower case, upper case, and special characters with the push of a button. Specify passwords with at least 15 characters where possible. This practice significantly reduces the chance of having your password hacked.
  2. Get ahead of the curve during the next big data breach – Data breaches are now commonplace. When you find out that a service you were using was breached, you can use built-in functionality to quickly change your passwords. LastPass can change passwords for you automatically.
  3. Share passwords safely and effectively – Sometimes sharing a password can’t be avoided. If you both use the password manager, you can share the password between both accounts. This means when one person changes the password, it updates in both password vaults or databases.
  4. Perform security audits to measure the effectiveness of your password choices – Many password managers will audit your passwords across all sites. From there you can identify if you are using the same password on multiple sites.

 

What Now?

We would love the chance to discuss your thoughts on password managers. Do you have a favorite tool that deserves a mention. Put it in the comments section below. If there are any questions, put them in the comments below or give us a call and we are happy to help where we can.

Subscribe to our blog so you don’t miss out on amazing articles just like this!




Three Ways Dentists Can Improve Backing Up Their Eaglesoft Server




Post on : January 4, 2018

Many dentists across the United States are using Eaglesoft for their Dental Practice Management software solution. Careful consideration needs to be given when deciding on a backup strategy for this software.

The biggest problem is that Eaglesoft uses Sybase for its backend database and not SQL. What this means is that we can’t leverage standard Windows backup technologies, because Sybase isn’t VSS aware!

This means you need to take a couple of precautionary steps to ensure that your backup strategy meets your needs and addresses the complexities of Eaglesoft.

 

Step One: Prepare the Database for a Good Backup

Before you backup your Eaglesoft server, you need to ensure that the database engine is stopped. It is possible that at the end of the day, not all of your staff have disconnected their clients from the server. Simply modify the database engine settings to automatically disconnect all users when the Eaglesoft server is shutting down.

  1. On the Eaglesoft server, click on Start > Programs > Eaglesoft > Technical Reference.
  2. Click on Database Setup button
  3. Check Disconnect active clients when shutting down the server

 Step Two: Automate the Database to Start and Stop Using Task Scheduler

We want the Eaglesoft database to stop before we take a backup. After our backup completes, we then want to start the Eaglesoft database.

Instead of performing these steps manually every day, we are going to use the Event Scheduler in Windows to perform these tasks for us.

Note that Patterson does not support this configuration, so you will need an experienced engineer to make sure that the tasks are created correctly and that the tasks complete successfully.

Add an Automated Task to Start the Database

  1. Click on Start > Control Panel > System and Maintenance > Administrative Tools > Task Scheduler
  2. Create a new task folder in the console tree called Eaglesoft Backup
  3. In the Actions pane, click on Create Basic Task
  4. Give the task the following name: “Eaglesoft Start Database”
  5. Under description, put “Automated task to start the Eaglesoft database after a backup of the server.”
  6. Set the event to start Daily
  7. Adjust the start time to a time of day after the backup will succeed. This could be 11:30 PM or later.
  8. Click on the Start a program radio button
  9. In the Program/script box input the following:
    • For Eaglesoft 15 and below: “C:\Program Files\Eaglesoft\Shared Files\techaid.exe”
    • For Eaglesoft 16 and above “C:\Eaglesoft\Shared Files\PattersonServerStatus.exe”
  10. In the Add arguments (optional) box put “-start”
  11. Click on the Next button
  12. Check the Open the Properties dialog for this task when I click Finish box
  13. Check the Run with highest privileges box
  14. OK button
  15. Provide administrative login credentials and click on OK

Add an Automated Task to Start the Database

  1. Click on Start > Control Panel > System and Maintenance > Administrative Tools > Task Scheduler

  2. Create a new task folder in the console tree called Eaglesoft Backup
  3. In the Actions pane, click on Create Basic Task
  4. Give the task the following name: “Eaglesoft Start Database”
  5. Under description, put “Automated task to start the Eaglesoft database after a backup of the server.”
  6. Set the event to start Daily
  7. Adjust the start time to a time of day after the backup will succeed. This could be 11:30 PM or later.
  8. Click on the Start a program radio button
  9. In the Program/script box input the following:
  • For Eaglesoft 15 and below: “C:\Program Files\Eaglesoft\Shared Files\techaid.exe”
  • For Eaglesoft 16 and above “C:\Eaglesoft\Shared Files\PattersonServerStatus.exe”
  1. In the Add arguments (optional) box put “-start”
  2. Click on the Next button
  3. Check the Open the Properties dialog for this task when I click Finish box
  4. Check the Run with highest privileges box
  5. Click the OK button
  6. Provide administrative login credentials and click on OK.

Step Three: Use an Image-based Backup Solution

The reason we recommend using an image-based backup solution is because you have more robust recovery options. If you were to just backup the Eaglesoft database, and your server crashed. The image below shows a simplified view of your system.

You server uses hardware like the motherboard, hard drive, and RAM to support an installed operating system. From within the operating system we have applications like Eaglesoft installed. The Eaglesoft application creates a database that only it is able to use.

When you use a File Backup Solution you only have backup data for the database. This means that if you were to have a hard drive fail, you would have to replace the hardware, then reinstall and configure your operating system. After you have reinstalled and configured your operating system, you then need to download, install, and configure Eaglesoft. Only after Eaglesoft is reinstalled and configured can you begin to restore your database from your file-based backup solution. This whole process could take days to complete.

When you use an Image-based Backup Solution, you replace the hardware just like the File-based Solution. From there you can restore the Operating System, Eaglesoft application, and Database. The whole process can take as little as 15 minutes if you use the right backup software.

 

 What Now?

We would love the chance to discuss your thoughts on backing up an Eaglesoft server. Let us know any alternative strategies that you have found useful. If there are any questions, put them in the comments below or give us a call and we are happy to help where we can.

Subscribe to our blog so you don’t miss out on amazing articles just like this!




The 3-2-1 Backup Rule-Are You Using This in Your IT Environment?




Post on : October 5, 2017

Small business owners everywhere are keenly aware of the requirement to backup their business-critical data. An easy-to-remember rule, that will assist you in creating a good backup strategy, is known as the 3-2-1 Backup Rule. The idea is attributed to Peter Krogh.

In his analysis, Mr. Peter Krogh stated “there are two kinds of people in the world – those who have had a hard drive failure, and those who will. He created a simple system that anybody can use to make sure their data is backed up and secure.

The 3-2-1 Backup Rule states the following:

  • Keep 3 copies of important data

  • Store your backup data on 2 different media types

  • Replicate 1 copy of this data offsite

 

Keep Three Copies of Important Data

The first copy is easy, this is the data in production – or primary data. You then need two additional copies of this data. Let’s use a simple example to understand.

You have a payroll file saved on your computer. We can then copy this file to a USB hard drive and also upload it to Dropbox. We now have three copies of this data.

The reason we do this is to minimize the chance of corruption or loss. Let’s assume the chance of a lost file is below:

1/1000.  or 1 in 1,000

When we have two copies of our data, the actual chance of losing our file is calculated below:

1/1000 * 1/1000 = 1/1000000 or 1 in 1,000,000

Now when we add a third copy, we gain another significant protection against data loss. See the calculation below:

1/1000 * 1/1000 * 1/1000 = 1/1000000000 or 1 in 1,000,000,000

 

Store on Two Different Media Types

It is extremely important to save your data on two different media type. In our example above, we had our primary data saved on our computer’s hard disk, with a second copy saved to an external USB drive. This is important to prevent the same types of hazards.

In this example we would make sure that the external USB drive is a solid state drive, where the internal drive on the computer was a traditional hard disk drive.

What are some other media types? You have plenty to choose from: hard drive, tape, optical, flash memory, and many others.

 

Replicate One Copy Offsite

In our original example you will remember that we saved our payroll file to a USB drive and then uploaded a copy into Dropbox. Finding a suitable offsite location for your data is critical.

We want physical separation between copies of our data. You can manually transport this data offsite by using drive rotation, but this is now highly discouraged. (Replication technologies can transport data offsite faster and safer than a person actually physically transporting the data.)

Best practice is to identify offsite storage and replicate your data to this target. This could be an FTP server, or public cloud service like Amazon or Azure.

 

What Now?

We would love the chance to discuss your thoughts on the 3-2-1 Backup Rule and any alternative strategies that you have found useful. If there are any questions, put them in the comments below or give us a call and we are happy to help where we can.




Bear Bones IT Intro Video – A Great Description of the Products and Services We Offer




Post on : October 5, 2017

If you are wondering how Bear Bones IT can help you and your small business, please watch the following video:

 

 

What Now?

We would love the chance to discuss your thoughts on outsourcing your IT needs to a managed service provider. If there are any questions, put them in the comments below or give us a call and we are happy to help where we can.




10 Easy Steps to Online Security




Post on : September 26, 2017

Every week it seems that we read an article about a massive security breach or a company that was hacked. If you have internet access on your computer or phone, you could be at risk too. By following these simple steps, you can reduce your risk.

  1. Keep your operating system and applications patched. When software companies discover specific bugs or flaws, they release patches to fix these issues. Many times, the flaws discovered are security vulnerabilities. Be sure to download and install software updates – especially for Microsoft, Adobe, and Java!

  2. Use different and complex passwords for online accounts. Most sites online now have an account creation process. The fact remains that most of us use the same password for all of these online sites – and this is extremely risky. Shoot for passwords that exceed 15 characters in length and are complex. Don’t worry about remembering different passwords for every site, there are tools to help you with that like LastPass, 1Password, and KeePass.

  3. Be critical of every email you receive. Don’t click or open an email unless you are sure who sent it. Even if you know the person, does the content look suspicious? Don’t open random emails with attachments – this is very dangerous.

  4. Be critical of every link you click. You should browse websites very cautiously. Many attacks “spoof” popular websites (like the login page to your bank) where you then enter your username and password. Take the time to make sure you are accessing the correct website.

  5. Put a password on every device. We know it is super convenient to just swipe to open your phone or boot straight into your operating system without having to type a password. Most modern phones will allow you to protect your phone with face-recognition software or your fingerprint. If you don’t have this option, choose a PIN. Don’t skip the password on your laptop or computer either. Remember, all of your information is stored on these devices!

  6. Use two-factor authentication where possible. This security method is used to double check that your identity is legitimate. You normally enter your username and password, and then have to confirm your identity through a text message to your phone, and email to your confirmed account, or a code from a separate device. Most major email providers and banks offer two-factor authentication – use it!

  7. Use a modern browser. Older browsers may have security flaws that websites exploit to execute malicious code that read your files, steal your passwords, and infect your computer with viruses.

  8. Force an HTTPS connection when available. Using HTTPS protects the transmission of data from an unauthorized third party. You can install the HTTPS Everywhere browser extension in Chrome, Firefox, and Opera. The extension forces an HTTPS connection whenever possible.

  9. Don’t skip on security software. Yes, it usually costs a little bit of money, but don’t skip on antiviral and malware detection software. Install the software and keep the definitions up to date.

  10. Don’t think you are immune on a Mac or iOS device. Online security goes beyond preventing viruses or malware from infecting your machine (you are not immune from these either). The majority of attacks happen due to human error. Be critical of the websites you visit and the email you receive.

Want some help with keeping your business data safe online?

Contact the experts at Bear Bones IT. We can perform a free security audit and help you to identify weaknesses in your IT system.

Phone: (385) 393-9367 | Email: info@bearbonesit.com




4 Ways to Fix A Slow Computer




Post on : September 14, 2017

Slow and steady wins the race in life, but not at the office while on your computer. Nothing can ruin a workday faster than a slow system. Be careful with what you find online. Lots of sites offer “tune-ups” which are unreliable and often download viruses and other malware. Use these simple steps to get your computer running fast again:

 

  1. Disable programs that run at startup. When you install applications on your machine, often times these applications will try and run as soon as your computer starts. Many of these applications can significantly affect the speed of your computer at startup. You can prevent these programs from running at startup in Task Manager. Select the application that you don’t need running at startup and click on the Disable button.

  2. Disable unnecessary browser extensions and add-ons. Similar to the last step, you may have a significant number of browser extensions installed which are affecting your web browsing experience. Go into your browser’s settings and disable any extension or add-on that you don’t use regularly.

  3. Remove viruses and other malware. Your computer may be running slowly due to a virus or malicious software. Use a good anti-viral and malware removal program to clean your computer of any infections.

  4. Upgrade to a solid state drive. If you are still using a mechanical hard drive, then an upgrade to a solid state drive will instantly deliver faster boot times, app loading times, and file transfers

Want some help with speeding up your work computer?

Contact the experts at Bear Bones IT. We can help fix slow computers at the office!

Phone: (385) 393-9367 | Email: info@bearbonesit.com




Bear Bones IT Giveaway – Enter and Win a $100 Amazon Gift Card




Post on : September 6, 2017

We are so excited to open our doors for business. In fact, we couldn’t be happier, so we want to share the excitement with everyone. To celebrate, we are giving away a $100 Amazon gift card. Take a look at the details below:




Cloud Migration Strategies That Small Business Owners Should Adopt




Post on : August 9, 2017

Now that public clouds have defined their value-add to the small business owner, the majority of small businesses are planning their migration strategies to either replace or supplement their on-premise IT requirements.

In a recent survey conducted by Xero, “results showed that 71% of small business owners have at least one quarter of their business running in the cloud, a significant increase from only 23.5% reported in a survey conducted 18 months ago.”

 

1. Migrate Email Services

The complexity and time commitment to running an Exchange server onsite is daunting. Small business owners, more than anyone, should look to moving their mail services into the public cloud. The two major players are Microsoft Office 365 and Google G Suite. Both come with their advantages and disadvantages, but remain a good choice for many reasons.

  • Lower costs – cloud computing leverages economies of scale. The hardware resources of your single mail server are probably under-utilized. Mail servers deployed in public clouds are fully utilized and therefore reduce the cost for the small business owner. Essentially you are paying for what you use. Other cost savings include hardware, maintenance, and power usage, and rack space.

  • Optimized for mobility – Both Office 365 and G Suite include apps across all major mobile platforms. These apps allow quick and easy access to email and files. This caters to a small business that may not be tied to a desk all the time.

  • Scalable – As your business grows, so does the requirement for on-premise hardware. The small mail server that accommodated 5 employees probably struggles to keep up with 50. In the cloud, you normally pay a fee per user. All the other concerns regarding hardware optimization are taken care of by the cloud provider.

 

2. Replace Your File Server

Depending on your requirements, you could potentially use an online file repository. Again Microsoft and Google are two of the major competitors in this space with some additional competition from Dropbox and Box. If your files remain unchanged and are smaller in size, you can easily increase accessibility and collaboration for your team simply by placing these files in one of these online services.

These services normally allow you to configure permissions. This prevents the wrong person in your organization from accessing a document not meant for their review.

 

3. Hosted Applications

Your application server may be replaced by migrating these services into Amazon Web Services (AWS) or Microsoft Azure. You can custom build a virtual machine to your exact requirements, and host your specific application in the cloud. You will leverage greater up-time and provide increased reliability of your hosted services — all of which should make your customers very happy.

Companies providing services to customers in different parts of the world (Europe and Asia Pacific) may consider hosting their service in regional data centers that comply with data sovereignty and retention laws. Both AWS and Azure give you the choice of where to host your new server.

What Now?

We would love the chance to discuss your thoughts on cloud migration strategies for small businesses and maybe even learn what strategies have worked for you and your team. If there are any questions, put them in the comments below or give us a call and we are happy to help where we can.




Why the Most Successful Small Business Owners Outsource Their IT Needs




Post on : August 9, 2017

While living abroad, I spoke to a business owner in Portugal who changed my way of thinking. He mentioned the struggles of running a startup and then stated it was extremely important that a small business run as well as a Fortune 500 company.

Think about that for a second. As a small business owner, you are competing with large, multi-national companies and an uncountable number of smaller businesses, all vying for the same customer. If you are to compete and grow your business, you have to spend your precious time on meaningful activities.

Therein lies the struggle! Most small business owners have to manage every aspect of their business — sales, marketing, IT support, and even janitorial. When your responsibilities take time away from your core business activities, you have stopped competing. This essentially means you are losing business in that very moment to one of your competitors.

What should you do?

Outsource some aspects of your business where it makes sense. Let’s discuss the IT requirements a small business may have.

Instead of spending time on hold with technical support, or just “dealing” with a broken computer or printer because you don’t have time, consider using a managed service provider to take care of these items for you.

In addition to fixing your immediate IT problems, a managed service provider can help your business run more like a Fortune 500 company.

A good service provider will ensure that all mission-critical systems are being backed up and test restore functions on a regularly scheduled basis. In addition to backup software, a service provider will make sure your network is secure and protected from viruses and other attacks.

You could do this work yourself, or worse hire an employee to perform these functions for you, but this puts you at a competitive disadvantage. Your cost is too high. By using a managed service provider you leverage and pay for only a portion of the resource that you need.

Think like a Fortune 500 company and outsource activities that are not core to your business whenever possible. This should help you focus more on your customer and hopefully take business away from competition that isn’t similarly focused.

 

What Now?

We would love the chance to discuss your thoughts on outsourcing your IT needs to a managed service provider. If there are any questions, put them in the comments below or give us a call and we are happy to help where we can.




Three Ways Healthcare Professionals Can Protect Against Ransomware Attacks




Post on : August 3, 2017

To be blunt, the healthcare industry has become a favorite target of ransomware attacks. According to the 2017 Global Threat Intelligence Report (GTIR) published by NTT Security, 77% of all detected, global ransomware cases were in just four industries — and the healthcare industry was unfortunately listed.

If you are a healthcare professional, you have no choice but to deal with this threat. According to a recent US Government interagency report, “more than 4,000 ransomware attacks have occurred daily since January 1, 2016. This is a 300-percent increase over the approximately 1,000 attacks per day seen in 2015.” These attacks are encrypting protected health information (PHI).

Things are even more complicated when you consider how the Department of Health and Human Services (HHS) and the Office for Civil Rights (OCR) view a ransomware attack and the responsibilities of healthcare professionals under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In a recently published fact sheet on the topic HHS stated that “unless the covered entity or business associate can demonstrate that there is a ‘…low probability that the PHI has been compromised,’ based on the factors set forth in the Breach Notification Rule, a breach of PHI is presumed to have occurred.”

That’s right, HHS presumes a breach of PHI under HIPAA in the event of a ransomware attack. Before panic sets in, you need to know that there are very important and critical steps that every healthcare professional needs to take to secure all PHI and comply with HIPAA requirements.

 

1. Implement good backup and disaster recovery policies

Imagine if your practice was affected by a ransomware attack. You could lose access to your patient records, financial data including outstanding receivables from various insurance companies, upcoming appointments with patients, and other mission critical data.

Having multiple and redundant backups of this data is critical — not to mention a requirement under the Security Rule for HIPAA covered entities. Even further, you need to constantly verify the integrity of all backup files and test the that they can be restored.

 

2. Deploy advanced security and antiviral solutions to prevent and catch these attacks early

A layered approach is the most effective method to stopping ransomware before it encrypts your data. A quality firewall installed and configured correctly can tease out ransomware and deter sophisticated attacks. Today’s ransomware can morph its code to pass right under many detection algorithms. A good firewall will utilize advanced network monitoring and analytics to detect and quarantine potential threats.

Installing antiviral software on every networked machine in your office is also extremely important. In addition to looking for recognized definitions, this software will also utilize behavior-based detection methods.

 

3. Train all Personnel and Medical Staff

Ransomware attackers have adopted advanced techniques to convince everyone at your medical practice to click on a link that opens the door for malware to infect the machine. From phishing attacks to malvertising — where attackers infuse their ransomware into legitimate online advertising and webpages that are often frequented by your office staff — there is a constant threat that somebody accidentally clicks on a bad link.

Security awareness training will help your staff to be safer online and thereby reduce the threat of a ransomware attack. Educating employees about the seriousness of malware and helping them to avoid common pitfalls will lead to a safer network.

 

What Now?

We would love the chance to discuss your thoughts on the matter and maybe even learn what strategies have worked for you and your team. If there are any questions, put them in the comments below or give us a call and we are happy to help where we can. Stay safe out there!