Blog

August 24th, 2010

Having an efficient IT system is one way a business can improve productivity and earn more. But IT technologies are constantly changing and upgrading, and those who don’t keep up can lose money in the process.

In this day and age, few businesses (if any) can survive without an IT arm. Every business, big or small, needs someone, or preferably a group of people, on hand to fix computer problems, check networks, monitor software – to generally make sure that their operations are running smoothly.

One question, though: have you ever stopped to consider whether the cost of maintaining your in-house IT system is worth it? For instance, consider your internet connection. Let’s say that a conservative estimate of the efficiency of your business without an internet connection is 50%. If your business makes $1 million a year, then $500,000 depends on your internet connection. If your monthly bill for that connection is $500, or $6,000 annually, you earn $500,000 – $6,000 = $494,000. Now, if you decide to switch to a cheaper DSL connection, which is about $50 per month or $480 a year, you get a much higher figure: $499,520.

You could argue that the DSL is the wiser option, but when you look at a deeper level, a slower internet connection may also hamper your company’s productivity – let’s say, by 10%. So with only a DSL connection, your business operates at 90% of its total possible productivity. Considering the previous figures, a loss of 10% in productivity means a loss of $100,000. Subtract the savings from the DSL connection, $5,520, and you get a whopping loss of $94,480. So when you think you’re saving by getting a cheaper internet connection, you are actually losing more money. Conversely, if you subscribe to an even better connection that costs you $10,000, productivity can increase by $15,000.

The same principle applies when your IT infrastructure is not up to date, with slow computers, outdated software, and other problems. In a company with 10 employees who bring in an annual average of $65,000 each, even losing productivity for just 35 minutes a day due to IT handicaps can cost you $47,000. Hardly chump change! But hiring an IT provider who charges $20,000 a year can offset that lost productivity and even make your business run better, by as much as $27,000. It’s also worth mentioning that employing an IT firm can count as a legitimate business expense, thereby lowering your tax liability to about $8,000 if you peg corporate tax at 40%.

IT is important to a business. If you doubt that, just try doing without it for a week – just shut the whole thing down. For most, that’s out of the question, but operating with old software and hardware is almost just as bad. However, many businesses cannot spare the resources to continually upgrade their IT systems.

Enlisting the services of an IT firm changes all that. IT Service Providers are constantly on the lookout for better technologies – both hardware and software – that can make your business function much more efficiently and cost effectively. It’s what they do. And the costs are minimal. If you’re wondering how much better your company might operate with an IT Service Provider, we’ll be happy to sit down with you and run some numbers.

Published with permission from TechAdvisory.org. Source.
August 19th, 2010

Every year, the highly respected Verizon Business RISK data crime–investigation team publishes an analysis of major online data thefts it’s been asked to study.

This year, a first-ever joint report by VBR and the U.S. Secret Service presents a fascinating view into the state of the data-stealing art, with many surprising facts that should interest all consumers.

Throughout 2009, according to the 2010 Data Breach Investigation Report (PDF), Verizon investigated 57 “confirmed breaches” that included data theft. The Secret Service investigated 84 similar cases. That’s 141 verified cases covering a total of 143 million data records owned by organizations around the world. Verizon’s efforts led to arrests in 15% of its cases; the Secret Service’s rate was a more-impressive 66%.

As you might imagine, many of the victimized companies don’t want their identities to be known. The report states, “… about two-thirds of the breaches covered herein have either not yet been disclosed or never will be.” Nevertheless, this aggregate report is still important: it gives an excellent overview of security problems that could affect you, the consumer.

Who’s stealing sensitive data? Surprise!

I always assumed that most people involved in stealing sensitive data from organizations — bank records, credit-card numbers, personal information — were rogues acting alone, selling their booty via clandestine channels to the highest bidder.

Wrong!

An astonishing 85% of all stolen data records can, according to this report, be traced to organized crime. “Banding together allows criminal groups to pool resources, specialize skills, and distribute the work effort.” Lone wolves aren’t stealing our data. Rather, it’s groups of people, acting in concert with one simple motive: profit.

The report quashed many of my other preconceived notions. For example, insiders (employees, executives, programmers) were actively involved in 48% of the cases — which doesn’t surprise me — but they were implicated in only 3% of the total number of records stolen. Insiders participate in smaller jobs.

I was also surprised to find that the percentage of pilfering attributable to business partners — a category that includes IT service providers, suppliers, and vendors — has fallen steadily. The report can’t pinpoint the reason for the decline in partners’ shenanigans, but does point to the possibility that increased awareness of third-party security threats may be a factor.

It also mentions organizations such as hotel, restaurant, and retail companies that hire outsiders to provide IT services: “Organizations that outsource their IT management and support also outsource a great deal of trust to these partners.” If your company’s thinking about outsourcing, that’s a word to the wise.

And, contrary to widespread publicity, no foreign governments were implicated in data thefts, according to this report.

How the bad guys get your personal information

While headlines herald stories about a bank employee losing a notebook with a gazillion account records or a civil servant dropping a disc with Social Security numbers, the report notes that 98% of the stolen data was snatched directly from company servers — mostly by use of malware and direct hacking.

Once again, the Verizon/Secret Service numbers surprised me. More than half of the malware infections came from direct installation (injection) by the attacker, and SQL databases led the list of subverted systems. SQL injections frequently rely on well-known quirks in SQL systems; craftily assembled SQL database queries, for example, can install programs that pluck data and send it to the requester.

Perhaps the best-known SQL-injection attack involved American Albert Gonzalez, who on March 25 was sentenced to 20 years in federal prison for stealing more than 90 million credit- and debit-card numbers. (See Wired’s March 25 Threat Level post.) As the Verizon report says, “SQL infection vulnerabilities are endemic, and to fix them you have to overhaul all your code.”

The second-most-popular method for subverting servers uses drive-by Web infections (where you get an infection without actually clicking anything on a malicious site), followed by infections that require user interaction (“click here to clean your system” come-ons, for example).

Added together, injections and Web infections using malware accounted for 79% of all stolen data — not e-mail, not infected documents, and not zero-day attacks.

Keyloggers — those surreptitiously installed programs that record what you type — made up 36% of all the data breaches but accounted for only 1% of the clandestinely collected data. That’s a big change from last year, when keyloggers collected more than 80% of the compromised data. The bad guys have found more efficient ways to take your information.

And what of the never-ending process of receiving and applying security patches to quickly shore up those security vulnerabilities? Not an issue, says the report. “It is very interesting to note that there were no confirmed cases in which malware exploited a system or software vulnerability in 2009 … there wasn’t a single confirmed intrusion that exploited a patchable vulnerability.”

What companies must do to protect our data

If this is all starting to sound hopeless, it isn’t. The authors of the report offer many suggestions that every company with sensitive data should consider. Most of it doesn’t stray too far from common sense: give access to sensitive information only to employees who need it, watch your access logs, encourage strong passwords, warn employees about installing rogue antivirus programs, and so on.

Even if you aren’t involved with an organization that handles sensitive data, you need to know that the kinds of attacks documented by Verizon are getting larger and more complex.

You can help by regularly checking all of your online information that you can access, reporting any data or activity you see that’s out of the ordinary. Immediately tell your bank, your credit card company, and your stock broker if you think something’s gone awry.

As the report says, “Third-party fraud detection is still the most common way breach victims come to know of their predicament” — in other words, companies learn of breaches when customers report them.

So if you think your data’s been stolen, holler yer head off!

August 19th, 2010

Before you entrust your sensitive data to a “cloud” service provider, make sure you weigh the risks with the benefits.

“Cloud computing,” largely synonymous with Internet-based computing, has become a hot topic of discussion among many in the business community, with its promise of radically simplifying the access to, and use of, computing resources on demand. It’s no wonder then that it’s been small businesses, often without full-time IT resources of their own, that have been the first to adopt the concept. As a business owner, however, before you start moving critical data to the “cloud,” you’ll do well to bear in mind the risks that come with the computing model.

First is security and privacy—ask how the service provider ensures the confidentiality and integrity of your data while in their care. Do they provide backups? Can you back up your data yourself? Are their security processes and procedures reviewed and vetted by a third party?

Next is availability. Do they guarantee the uptime of their services—7 days a week, 24 hours a day? Do they provide a service level guarantee? Do they have processes in place to handle exceptional circumstances that can disrupt services, such as a natural disaster? Is support readily available to help in case you encounter any issues?

Finally, there’s cost. While pay-as-you-go can be attractive, the total cost over time can add up. It’s worth thinking two to three years out and considering the total cost versus alternatives.

Asking these basic questions can go a long way in giving you peace of mind before you entrust your valuable data and core business systems to the care of others. If you’d like some help sorting all this out and making the best decision for your unique needs, give us a call.

Published with permission from TechAdvisory.org. Source.
August 18th, 2010

To see images the way they are intended to be seen, calibrate your monitor so that what you see is what you get. Here’s how.

Published with permission from TechAdvisory.org. Source.
August 17th, 2010

Making your business greener isn’t only good for the environment, but can also help your business become much more cost effective too.

There’s been a lot of buzz about environmental issues such as climate change, and with the effects reaching everyone around the world, we all need to do our part to help. The good news is that going green in your office or business can also help you become more cost effective. Here’s how:

  • Shut down your system when it’s not being used. The principle behind this is pretty simple – you can save electricity and the bills you’ll have to pay with a simple system that can power down when it’s not being used.
  • Downsize your infrastructure. You’ll save on bills and power consumption, as well as equipment. Determine the workstations that can be run on a skeletal system, with the heavy lifting done virtually or remotely. This is especially applicable to companies that have people frequently on the road or in the field. Also, if you let people work from home or remotely, there is little need to maintain a vast infrastructure at the home office.
  • Go for a paperless office. Paper comes from the cutting down of thousands of trees, and buying it costs money. But these days with almost everything done electronically, paper use can be reduced to a minimum, if not eliminated completely.
  • Turn your trash into gold. If you have old units you’re going to throw out but are still in working condition, consider donating them to charity and get a tax break. Or, try to recycle them. E-waste is becoming a big problem these days, so the less you throw away, the better.

If you’d like to know more about how to make your business more cost effective and environment friendly at the same time, we’d be happy to talk with you and draw up a plan that’s specifically suited to your needs.

Published with permission from TechAdvisory.org. Source.
August 13th, 2010

Scanners are the critical link between the non-digital and the digital world. Any picture or document can be turned into a digital format with a scanner. When looking for a scanner, you want to get one good enough to do what you need it to do, but avoid overpaying for features you will not use. The first thing to look at is resolution.

Published with permission from TechAdvisory.org. Source.
August 13th, 2010

Despite the clear trend towards greater adoption of mobile devices by businesses and consumers, a new study finds that many businesses are not taking full advantage of the opportunities created by this trend—especially in sales and marketing.

Global smartphone shipments continue to rise, driven by operator subsidies, lower barriers to adoption with the introduction of lower-cost models, and greater choices afforded by vigorous competition from companies such as Apple, RIM, Microsoft, and Google. Not far behind is the rising interest and adoption of other mobile devices, such as tablets with the success of Apple’s iPad.

Despite this trend, a new study by eROI, an online marketing agency, finds that many businesses are not taking full advantage of the opportunities it creates—especially in sales and marketing. The company surveyed 500 businesses, and the majority cited lack of resources and little understanding of what needs to be done as the major barriers to capitalizing on the trend. This, despite findings which show 91 percent of the population use mobile devices, with 23 percent using smartphones that make extensive use of online services.

Companies would benefit from looking at how these trends can be leveraged for building a strategy toward reaching new customers, engaging current customers, and creating rich experiences for both. Some examples from early pioneers in this area: building versions of their website that can be viewed comfortably on mobile devices, using services that make extensive use of social networks and location-based services such as Facebook and FourSquare that work well with mobile devices, and even building custom applications to provide a new channel for reaching and serving customers.

Companies can start small with pilot projects then work from there to see which work best for their businesses.

Published with permission from TechAdvisory.org. Source.
August 12th, 2010

Physicians can sign up for the EHR incentive program in January 2011. To begin receiving payments, they must have demonstrated meaningful use of certified Electronic Health Records (EHRs) for 90 days—which means the first incentive payments will likely go out in May 2011.

Now that the Centers for Medicare and Medicaid Services (CMS) has released its final rule on meaningful use, the agency is preparing the systems that will trigger incentive payments—which physicians will start receiving as early as May 2011.

The CMS will open registration for the incentive program in January. Physicians can begin signing up for the program then.

To sign up, eligible Medicare physicians must have: (1) a national provider identifier and be enrolled in the CMS Provider Enrollment, Chain and Ownership System (PECOS), which validates and tracks the enrollment of providers and suppliers in the Medicare program, and (2) an active user account in the National Plan and Provider Enumeration System (NPPES), which assigns unique identifiers to health plans and providers in exchanging health information.

To begin receiving payments, physicians must verify that they have demonstrated meaningful use of certified Electronic Health Records (EHRs) for 90 days.

Physicians do not have to inform CMS of which certified EHR system they are using until they submit information verifying they have met meaningful use requirements. As a result, physicians may use an EHR that hasn’t yet been certified but that they expect will qualify for certification by the time they verify that they have demonstrated meaningful use for 90 days.

Published with permission from TechAdvisory.org. Source.
August 10th, 2010

The continued exploitation of many vulnerable applications that vendors fixed over a year ago highlights the need to keep software updated with the latest versions and patches.

A new report released by security firm M86 Security reveals a trend toward more sophisticated malware that takes advantage of vulnerabilities in common software applications and uses techniques developed to avoid detection.

According to M86’s report, the commonly exploited applications include Microsoft’s Internet Explorer and Adobe Reader. Other vectors for malware that hackers have been using recently are Java and Adobe’s Flash, which are installed on many PCs, often as plug-ins to most browsers.

Although the vulnerabilities in these applications have been identified and patched for over a year, failure to keep up with the latest updates has left many systems vulnerable to attack. Our customers taking advantage of our Managed Security need not worry, since we make sure our customers’ systems are patched as soon as updates become available. Find out more about our Security Offerings today.

Published with permission from TechAdvisory.org. Source.
August 5th, 2010

Mozilla implements new initiatives to secure its browser and fixes its main security holes, bringing Firefox’s latest version to 3.6.7.

The Mozilla Foundation, the organization behind the Firefox browser, announced recently that it has released a patch to fix many major security holes found in its software, and that it has removed malicious add-ons from its extensions gallery.

A new update brings Firefox’s latest version to 3.6.7, and includes fixes for nine critical issues that could potentially be exploited by hackers to launch attacks on vulnerable systems. This comes after the recent removal of a password-stealing add-on called “Mozilla Sniffer” from the Firefox extensions gallery. As a preventive measure, the Mozilla Foundation has announced a US $3,000 security bounty program for anyone who finds an eligible security bug. It has also announced that it will implement a source code review of add-ons to catch potential malware that could be injected into otherwise patched Firefox browsers.

As always, users are advised to be constantly on guard and to make sure they are using the latest updated versions of their software. Customers under our Managed Security program benefit by letting us do the worrying and updating for them, so they can focus on their business instead of their security. Not on our Managed Security program? Contact us today.

Published with permission from TechAdvisory.org. Source.