1. Protect your devices from thieves. All mobile devices should be passcode-protected and loaded with apps that will help you track and find them in case they get lost or stolen. For iPads and iPhones, there’s the free “Find My iPhone.” Android users can try “Lookout Mobile Security.” These apps allow you to remotely wipe the device if it falls into the wrong hands; you definitely don’t want to expose yourself to identity theft or allow someone access to your company’s network and client data. Also, never leave your device anywhere you wouldn’t leave your wallet.

2. Backup. Mobile devices get lost and destroyed more often than desktop computers because you’re dragging them around from place to place and exposing them to non-gadget-friendly environments; therefore, make sure you are backing up all the data to the cloud. All it takes is a spilled cup of coffee to erase those precious family photos and videos and confidential business data saved on the hard drive; and most people don’t think about backing up their phone.

3. Take caution when connecting to free public Wi-Fi. Hackers with routers and readily available software set up rogue hot spots for spying and serving you fake websites. They often name these hot spots something generic such as “Coffee Shop” or “Linksys” to fool you into thinking they are safe. You think you’re connecting to the coffee shop’s Wi-Fi, but you’re actually accessing the web through their portal. If you are going to use public Wi-Fi, simply use it for general web surfing, not shopping, banking or accessing critical data.

4. Turn off sharing. If you use a laptop, you might have it set to share files and folders with other computers at work or home. However, you don’t want those settings “on” when connecting to a public network. When connecting to a public hotspot for the first time, Windows will ask you for a location type; choose “public” and it will automatically reset your settings to turn off sharing.

5. Carry your own connection. If you’re going to access your bank account, go shopping online or retrieve critical data when traveling, invest in your own personal Mi-Fi connection. We recommend Bell or Rogers Mobile Internet Hot Spot. If you don’t have one and you need to make an emergency balance transfer or an immediate purchase to save a significant amount of money, it’s safer to use your cell phone. When banking, use your bank’s official app and sign up for any extra security they offer.

Your IT Support Provider Should Make Sure All Your Mobile Devices Are Secured In Case of Theft Or Loss

We got him set up on a spare laptop they had in the office, and we rushed an order for a new one.

Thankfully his password was very strong and we were able to validate that in the days since the theft, the laptop did not connect to the internet which meant that the laptop was likely wiped and resold.

Theft and loss of equipment, while the chances can be minimized with proper care, is not 100% preventable. What we can do is minimize the risks and productivity disruptions if it does happen. Most times thefts are just grab and run – the system gets wiped and sold in a back alley. But sometimes it ne’er gooders who have the time and the desire to use the device to try and capture licensing codes, credit card information and any data they can use for monetary gain.

How to prevent the data on your lost laptop from getting into the wrong hands:

Data Security: Only have the data that you ABSOLUTEY need, on the laptop when you are outside of the office (i.e. NO credit card numbers). This way if the device ends up in the wrong hands, you limit exposure to the data that can be seen.

Have good strong password – the general rule is at least 8 characters (longer the better)with a combination of letters (lower and uppercase), numbers and symbols.

Report the loss to management and your IT provider the MOMENT it’s lost so that they can either leverage ayn monitoring devices to see if the device is on line, or disable remote logins to the company network from the device. This would prevent access to the internal network by whomever has the laptop.

Productivity: Depending on how large your organization is, always have a good quality spare laptop that can be deployed and useful to staff right away in the event their primary device is lost or damaged beyond repair. We see a lot of companies who keep their four year old slow-as-a- snail laptop around for such purposes. What happens is this turns a bad situation worse when the employee works on a dinosaur. As a rule of thumb, for every 5 laptop users in your company, you should have 1 good quality spare laptop.

      Cloud computing, a form of outsourcing involving the delivery of computing services over the Internet using shared resources, offers many potential benefits to small and medium-sized enterprises (SMEs), including scalability, flexibility and cost-efficiencies.   Many SMEs already use cloud computing for data processing, storage and backup, for accounting services, for communications, or for customer service and support.  Unfortunately, many companies do not even realize that they are already “in the cloud” if they use cloud based e-mail services for business correspondence, or any online service to collaborate on documents containing personal information. 

     The focus of the OPC Guidance Document was to remind SMEs that under Canada’s private sector privacy legislation, an organization that collects personal information from an individual is accountable for the personal information even when it is outsourced for processing to third-party providers. Thus, all businesses in Canada, regardless of their size, are ultimately accountable for the personal information they collect, use and disclose even if they outsource personal information to a service provider that operates in the cloud.
     Unfortunately, many standard cloud computing agreements (especially for ‘free’ services) contain legal terms that are not sufficient to allow SMEs to meet their Canadian privacy obligations. Moreover, standard cloud computing agreement often allow a provider to unilaterally change the agreement, limit its liability for the information, and/or subcontract to various other providers.  However, as confirmed by the OPC, SMEs must use contractual or other means to ensure that personal information is appropriately handled and protected by the cloud provider.

The OPC also recognized that security in the cloud is of paramount importance and the Guidance Document offered some best practice guidelines.  SMEs using cloud computing services should:

 Þ Limit access to the information and restrict further uses by the provider;

Þ Ensure that the provider has in place appropriate authentication/access controls;

Þ Manage encryption;

Þ Ensure that there are procedures in place in the event of a personal information breach or security incident;

Þ Ensure periodic audits are performed; and

Þ Have an exit strategy.

SMEs must pro-actively maintain control over personal information that is sent to a cloud provider, and take steps to prevent and limit secondary uses of personal information. Again, due diligence on the part of the organization will be required before signing a standard cloud agreement and moving personal information to the cloud.  SMEs must (i) clarify what, if anything, the prospective cloud provider will do with the personal information provided; (ii) seek customers’ consent for new uses of their personal information; and (iii) always keep in mind the reasonable expectations of the individual.

      As the OPC noted, Canada’s private sector privacy legislation does not actually prohibit organizations in Canada from transferring personal information to an organization in another jurisdiction for processing. However, SMEs must recognize that personal information that is transferred to another country is subject to the laws of that jurisdiction and the data may be physically located in several jurisdictions. The cloud provider’s backup servers could be in a different physical location than the primary servers. SMEs must understand where the data will reside to fully comprehend the legal regimes for protecting personal information and the circumstances under which data may be accessed by foreign courts, government agencies, and law enforcement. Additionally, organizations that outsource personal information cross-borders do have a legal obligation to use clear and understandable language to inform individuals that their personal information will be transferred to a cloud provider, that their personal information may be stored or processed in a foreign country outside of Canada and that it may be accessible to law enforcement and national security authorities of that jurisdiction.

      Even if a SME has outsourced personal information, it must have the ability to access data at any time (including backups and archives), make corrections, and investigate any allegations of non‑compliance with privacy obligations. In the event of a data breach, organizations will also want control over the procedures to notify affected individuals.

      Organizations must also be cautious that they not lose control of the personal information transferred to the cloud provider. As noted the OPC, maintaining control means that data ownership is to be clearly defined in the cloud computing agreement (including specifics as to what the provider can do with the personal information and what will happen to the personal information if the provider ceases to operate). Organizations must also have the ability to terminate the cloud contract, retrieve the data from the cloud provider, and have the cloud provider attest that no personal information is retained in its systems, or any of its subcontractor’s systems. Lastly, the OPC Guidance Document contains a list of key questions that organizations should take into account when shopping for a cloud computing solution.

      It is clear that organizations must take care to fully assess the benefits, risks, and implications for privacy when considering a cloud computing solution.

  This article was written by Lisa R. Lifshitz and reprinted with permission from the Winter 2013 issue of Torkin Manes’ FOCUS newsletter. Lisa R. Lifshitz is a partner in Torkin Manes’ Business Law Group, specializing in the area of information technology. Lisa also practices in the area of privacy and information management, advising Canadian and international clients on compliance with Canadian privacy requirements. She is also the leader of Torkin Manes’ new cross-disciplinary Technology, Privacy and Data Management Group.  She can be reached at 416-775-8821 or llifshitz@torkinmanes.com

<em>”Technical Action Group provides managed IT services, network support and technical support for Toronto businesses who heavily rely on technology in their day to day business with 10 – 75 PCs. <a href=”http://www.technicalactiongroup.com/contact/”>Contact us </a>now on 416-489-6312 to speak to one of our friendly staff to find out how we can take the frustration out of managing your IT assets.”</em>

Use dual monitors

 According to a University of Utah study, you can increase your efficiency by 25% just by adding a second monitor. Performance measures included task time, editing time, number of edits completed, number of errors made, as well as usability measures evaluating effectiveness, comfort, learning ease, time to productivity, quickness of recovery from mistakes, ease of task tracking, ability to maintain task focus, and ease of movement among sources. All of these factors combined show truly increased productivity.  All of us at TAG have been using dual monitors for well over a year.  Ask any of us, and we’ll just as soon give up one of our kidneys, than our second monitor.  Yes, we love them THAT much….I’m even planning on a getting a third for myself.

Block social media sites and/or other non-work related content online

 THIS one won’t be popular for a lot of people, but if you want to get more done, then take the distractions out of your day. Of course if your job is “social media director” for your company, this doesn’t apply; for all the other workers in your office who don’t NEED to go on Facebook, Twitter and YouTube to do their job, this will remove the temptation to “snack” on social media sites throughout the day, which add up to hours wasted on entertainment surfing. Content filtering software  can easily manage which sites you can and cannot go online to view, also keeping employees from gambling, searching for jobs, reading the news or visiting sex sites.  See page 4 of this newsletter for more info on content filtering and how you can save thousands on employee productivity.

Set up remote access

 It’s incredibly easy to access files, e-mail and programs from home (or while on the road) these days using cloud technologies or other remote access applications. Not only does this allow people to keep working when forced to stay home with sick kids or to wait for the plumber to show up, but employees would also put in several more hours of work on their own initiative if they could easily jump on their home PC and connect to the office.

Each of these is an EASY fix for us to implement. If you want more details on how to get these implemented into your business, just give Joseph Stoll a call at 416-489-6312 x 204 or shoot him an e-mail at JStoll@TechnicalActionGroup.com

 “Technical Action Group provides managed IT services, network support and technical support for Toronto business of all sizes. Contact us now on 416-489-6312 or contact us to speak to one of our friendly staff to find out how we can take the frustration out of managing your IT assets.”

Here are five things you should be doing, aside from backing up your data, to ensure your business is ready for anything:

• Where to work. One of the first things you should consider is where you’re going to work if your office is inaccessible. Hotels, convention centers or other office buildings are viable locations. Whichever location you pick, you should pick at least two different places, as far apart as possible. You should also be sure to inform your staff and include maps of the routes to the locations you’ve chosen.
• Replacement equipment. It’s incredibly important that you know exactly what equipment you use and how integral it is to operations. For mission critical equipment (equipment your company absolutely can’t work without) you need to have a plan in place as to how you can quickly replace lost equipment, the cost of it and replacement time. For less important equipment, you should have a couple of vendors in mind.
• Communication systems. During adverse business conditions it’s vitally important that you and your employees are able to communicate both with one another and with your clients. You should look into a communication system that’s flexible, can be established wherever you are and allows you to keep your numbers. VoIP is a great system, telecommuting is another option as well.
• Coordinate staff. Your staff drive your business. Without them, your business likely won’t be able to run. With the continuity plan you develop, it’s important that you have hard and soft copies of the plan that are accessible to all staff, and staff know their role in the plan.  When your plan is enacted you need to contact your staff and ensure that there aren’t any problems.
• Access to critical documents. If you have a good backup location, can set up equipment quickly and staff know their roles you may think your plan is perfect; however you’re missing one key element: access to documents—employees won’t be able to work without them. It’s important to ensure that you can access your data backups, which means you should probably keep copies offsite and in the cloud if possible.

While a continuity plan is important, hopefully you’ll never have to enact it. Nevertheless, you should plan for the worst. If you’re unsure of where to start, or feel your current plan is inadequate, please contact Joseph Stoll who can help you navigate the waters. 416-489-6312 x 204 or JStoll@TechnicalActionGroup.com.

Loading Windows 8 onto machines previously running Windows 7
Windows 8 performs faster on the same hardware and is very stable. Microsoft has done a phenomenal job on this operating system that’s actually built on the Windows 7 architecture (as opposed to rebuilding from scratch)

It’s important to understand that Windows 8 has been written to be fully functional with a touch screen (like Microsoft Surface or its competitor iPad). So these are great features for a touch screen as you can move efficiently between your most used applications and the new Metro applications (touch friendly apps specifically written for Windows 8). However with a standard mouse and keyboard, navigating between all the apps is slower and can be a bit cumbersome until you have all of your shortcuts set up.

My personal experience has been that I had to change the way I typically work and set my commonly used applications up on the taskbar so that I could maintain my efficiency and once I was used to this, my efficiency was regained. However I have no use for the Metro applications on my desktop PC. That said, I can see how the Metro applications are optimized for the tablet user.

Compatibility with Non-Microsoft Applications
The biggest difference with Windows 8 – it comes preinstalled with Internet Explorer v. 10. A large percentage of the websites that I’ve encountered are not using the latest versions of html that are optimized for this new browser. Shortly after doing my upgrade to Windows 8, I needed to attend a GoTo Meeting session hosted by one of my vendors. To my surprise, the plugins required to access the presentation were not compatible with Internet Explorer 10 and Windows 8. While this is expected to some degree while the vendors rewrite their websites and software to be compatible with IE 10 and Windows 8, I was surprised to see such a major service provider like GoTo Meeting (which is a Microsoft partner), to not have already updated their software to be fully compatible with IE 10 and Windows 8. Thankfully I had a Windows 7 system available so I could still attend the GoTo Meeting. As we’ve seen in previous operating system upgrades, it takes a while for all the software vendors to update their applications to be fully compatible. Lesson learned here: check to see whether the vendor websites that you heavily rely on in your business are fully compatible with any operating system new to the market. However, there is a potential workaround for some issues:

What I have found with many websites is that by simply downgrading the browser version while you are on the site (from IE 10 to IE 8), allows me to get most tasks completed on the site. To be clear, this doesn’t help if the plugins are not compatible which was the case with GoTo Meeting. It’s worth noting that this downgrading has a hassle-factor because it needs to be done each time you visit the website – can’t just do it once and the website will remember (or at least we haven’t found a way to make that happen)

Hibernation On a Laptop
The power management features are greatly enhanced over Windows 7 in that batter life is preserved for much longer and going into and coming out of hibernation is quick and reliable.

OUR FINAL VERDICT
It’s a keeper, but we don’t expect to be recommending that clients upgrade until at least June or July which is when we expect that most of the third party application compatibility issues will be resolved and Microsoft will have released any enhancements required so that Windows 8 works smoothly with the myriad of applications out there. Like with anything new, it takes a bit to get used to. For tablet users, Windows 8 will be phenomenal since it’s optimized for a tablet world. Any business line of products being sold by the major vendors today, even if its shipped with Windows 8, can be downgraded to Windows 7. When our clients order hardware through us, we have been making sure to get machines with Windows 7 preinstalled with the ability to do a future upgrade to Windows 8. If you purchase hardware directly without us being aware of it, please (for the next few months) make sure it’s pre-installed with Windows 7, not Windows 8.

 
“Technical Action Group provides managed IT services, network support and technical support for Toronto businesses who heavily rely on technology, with 10 – 75 PCs. Contact us now on 416-489-6312 to speak to one of our friendly staff to find out how we can take the frustration out of managing your IT assets.”

I thought it timely to bring up the topic again so as to share a recent real life example experienced by one of our clients of the damage a “happy today, miserable tomorrow” employee can cause.

Background: A learning facility had an administrative staff member quit without notice – let’s call her “Jane”. When another staff member was tasked with the responsibility of assuming Jane’s role temporarily, she and management were horrified to discover that all of the working files Jane was using, were deleted from the network. By process of elimination we were able to determine that the deletions happened some time that morning and as such, we were able to recover the deleted files from their hard drive backup system from the previous night’s backup within one hour. While the client breathed a huge sigh of relief, it could have turned out a lot worse had our client not had the proper mechanisms in place.

While the above was an easily resolvable issue (thanks to our monitoring the backup solution 24/7 and testing it monthly to make sure it was always functioning and would be reliable when our client needed it), every business should be prepared for such an event at MINIMUM, and even a much more malicious event.

Delete permissions: Determine who in your staff should be entrusted with the right to delete files from the network. Special attention should be given to database applications such as accounting and CRM systems and any internal custom made or off the shelf database applications.

Best practice: Data should NEVER be deleted from a database or network drive. To deal with data that’s no longer needed, you should archive it or if your system supports this function, mark it for deletion (this generally hides the data, without actually deleting it). Think about your key business systems and the impact on your business if someone was to wipe out current quotes, orders, financial transactions, proposals, and other business-critical documents.

Backup system: Make sure you have a good backup system in place with these key characteristics:

- Backups happen on a regular frequency whether that’s hourly, daily, weekly (depending on your business requirements)
- They are being monitored for success or failure by your IT support provider.
- They are being regularly tested to make sure the backups are useable.
- That the backups are going off-site.

What’s REALLY being backed up? When we meet with prospective clients we are always surprised at how often managers /owners are not clear on what’s being backed up, or whether the backups are going off-site. In essence they have no idea if they are protected in the event of data loss.

“Technical Action Group provides managed IT services, network support and technical support for Toronto business of all sizes. Contact us now on 416-489-6312 or contact us to speak to one of our friendly staff to find out how we can take the frustration out of managing your IT assets.”

These days, “going paperless” at the office is an increasingly popular, and environmentally friendly, trend.  In addition to helping you dramatically reduce clutter and expand your office’s available physical space—no need for large filing cabinets anymore—limiting the amount of paper you use and store cuts your operating costs (goodbye fax toner! Farewell postage stamps! Goodbye 4th filing cabinet!), reduces your paper-waste output and saves a few trees in the process.

Depending on the size of your operation, this may sound like a daunting task, but it doesn’t have to be.  It’s a gradual transition, not an overnight switch.  To be clear, it also doesn’t mean you’re going 100% paper-free so much as reducing the amount of paper that comes and goes on a day-to-day basis.  The key is tackling the conversion from hard copy to digital one step at a time.

1.     Inform everyone of your plans
Inform your clients, colleagues and suppliers of your plans, and give them fair warning well in advance so they can get used to the idea and take any steps needed to accommodate you on their end.  Let the people with whom you do business know that you’d prefer to operate digitally—via e-mail instead of fax, using PDFs instead of printing multi-page reports, billing electronically in lieu of mailing an invoice, and the like.

2. Choose Your Software
Whether it’s document management software or secure data-storage software, you’ll need something to help keep all your files organized and accessible once they’re converted to digital.  Try to select a universal file format that most people use to ensure ease of operation when you’re sharing material.  You’ll also need software and apps for things like note-taking, electronic signature capture and finance management. 

3.     Invest In A Good Scanner
Depending on the volume of paper you’re looking to transfer, what you’ll be scanning and how often you’ll be converting files to digital, you can use a flatbed (one sheet at a time), automatic feeder (multiple sheets) or duplex (scans both sides of the paper simultaneously) scanner. 

4.     Embrace the Shredder
Use a shredder to protect yourself and any potentially sensitive or confidential information before you toss paper into a recycling bin. If you have a large volume of paper to shred, you can hire a professional bulk-shredding service to handle the job.

5.     Upgrade Older Digital Storage Media
If you have data stored on CDs, tapes (or depending on how long you’ve been in business) floppy disks, move it to more up-to-date formats like flash drives, external hard drives or cloud-based storage.

6.     Use External Hard Drives
These are ideal for storing your newly digitized files.  They come in an array of storage capacities and many are compact enough to fit in your pocket…be sure to keep these secure from loss and theft! 

7.     Move To The Cloud
Cloud-based systems make it easy to store, access, send and receive digital files, spreadsheets, photos, videos and anything else you and your business might need.  Everything is kept off-site, which further reduces your need for in-office storage.

8. Switch To Online Banking
Mange your money, pay bills, transfer funds and accept payment all without ever leaving your desk or handling a piece of paper.  Better still, an assortment of mobile apps are also available allowing you to manage your transactions on the go, anywhere, right from your mobile device.

9.  Integrate Fax and E-Mail
Documents can be sent—via fax—from one computer to another, or even from a fax machine to a computer.  Instead of printing them out once they’ve arrived, read and respond online. 

 10.  Back It All Up!
Once you’ve transferred everything you can from paper to digital, make sure you regularly back up all your data to avoid losing any of it in the event of a computer crash or other disaster.

Source:  Connected For Business Magazine.  Text by Vickie Reichardt

“Technical Action Group provides managed IT services, network support and technical support for Toronto business of all sizes. Contact us now on 416-489-6312 or contact us to speak to one of our friendly staff to find out how we can take the frustration out of managing your IT assets.”

True Story: A business colleague hired a new web designer to update her web site. After 6 months of delays and poor service, she notified the designer that she would no longer need their services. This firm’s developer then decided to delete all the web sites she had to get revenge. Apparently, the web hosting company had a “glitch” (as they called it) in their password and security system that allowed this company to gain access to her account after she deactivated their login. Fortunately, her OLD web designer had a copy of her web site, even though it was out of date. This little fiasco caused her web site to be down for a week and cost her thousands in getting the sites back up.

Point is, the more data you host in cloud applications, the more cautious you need to be in keeping a current record of those files in-house; and with more and more software companies ONLY offering a hosted or cloud version of their software, you often won’t have a choice but to move your systems and data to the cloud. As a second precaution, you should review your cloud provider’s policy on closing your account. In some cases, they have all the power and will shut off your access and even delete your data without warning, never to be recovered. That’s why it’s absolutely critical that you perform “reverse backups” of your data to your server frequently.

“Technical Action Group provides managed IT services, network support and technical support for Toronto business of all sizes. Contact us now on 416-489-6312 or contact us to speak to one of our friendly staff to find out how we can take the frustration out of managing your IT assets.”

Internet access is vulnerable to disruption from causes completely out of our control due to a cable accidentally cut by construction, vehicle accident, communication providers, or even instability on the part of the internet service provider.

If your business has been a frequent victim of downed internet because of something out of your control (it happened to us thanks to a backhoe operator digging a trench and cutting our building’s access to all Bell services), then you’ll want to seriously consider a contingency plan to avoid being crippled because of an outage. 

 Your  First Step

Define what business services are critical to your business.  What can’t your business live without for hours or days that require internet access?  E-mail? Remote access for your road warriors / home office users?  Third party business applications requiring internet? All of it? By prioritizing the systems required during an outage, you can go with lower cost options for the backup service than your main service.

Determine The Cost / Benefit

If the internet went down for 4 hours, multiply 4 by your number of staff, x your average hourly rate for your staff to arrive at your total loss of productivity.

Example:  20 staff x 4 hours x $20 / hour = potential loss of $1,600.  Plus  any lost opportunity costs (i.e. proposals don’t go out in time, can’t respond to sales inquiries)

Find an alternate supplier to your current one that can provide internet access that can meet your above requirements.  For example if you use Bell, call Rogers.  This will protect you against an issue impacting one specific vendor.

With the alternate supplier, look into a service that uses a different technology to deliver access to your office than what you currently using.  For instance if you use ADSL from Allstream, look into wireless from Bell or cable service from Rogers.  This protects you against an issue affecting the delivery method of your main internet access such as a cut cable.

      How Backup Internet Saved OUR Bacon

We have two internet services that have the exact capabilities.   Earlier this year our primary service went offline due to issues with our provider.  Without internet, we would not have been able to provide technical support to our clients.  During the outage, all of our services (e-mail, CRM and  remote help desk tools) became fully functional again within minutes of our backup service taking over. This was all done automatically – we didn’t do a thing – it was business as usual.   
Sure, it’s still possible that internet access gets knocked even with the above backup plan, but this is a great way to greatly reduce your vulnerability and keep working during most outages.

“Technical Action Group provides managed IT services, network support and technical support for Toronto business of all sizes. Contact us now on 416-489-6312 to speak to one of our friendly staff to find out how we can take the frustration out of managing your IT assets.”