Is Your Business Secure While Your Employees Work from Home?
Dan: Well, good morning. It's 8:30 and it is time for Bit-Wizards Tip of the Wand. Now, Vince and Sam, of course you're not in studio. You're in a remote location that nobody knows exactly where you are because you're undercover right now. It's because you don't want to get the coronavirus, but good morning to you.
Vince: Well, we're undercover, but I promise we're under the covers together.
Dan: Okay, show's over. You guys are crazy. So, I guess you two are being safe, right? Nobody's got the virus and you guys are healthy and no colds, flu, any of that stuff?
Vince: No we're all good and all the wizards at Bit-Wizards are working hard to make sure that all of our customers can operate remote and that their network stay safe and secure while making sure that all of our team members are healthy and separated and following the president's and governor's guidance.
Dan: Yeah, it's been pretty tough on everybody, but I think everybody that's following the guidance of the powers to be were probably stay safe. It's the ones that violate that I believe are going to be in a lot of trouble. Like the folks we had here at spring break, I think that there's already been some that have been a turning positive for the coronavirus so they violated good sense and they're paying for it. But anyway, guys, let's get right into it.
Announcer: Bit-Wizards Bits and Bytes.
Sam: For the Bits and Bytes, this is where we talk about something that's happening in the news. I thought this was a great article because while the whole world, well, the whole planet was focused on battling this biological virus that we're dealing with, Microsoft quietly has rid the world of a digital equivalent of the coronavirus. It's a botnet called Necurs. I'm not sure how it's how it's supposed to be pronounced, but it's a … At the height of its powers, Necurs was one of the most disruptive forces on the internet. It was a sort of a Swiss army botnet. A botnet is an application that installs onto your computer and then it spreads to another computer and installs on there and it keeps spreading out and spreading out and spreading out. Then, it harnesses all of those computers when it wants to. It triggers itself and it'll use all of those computers to do something. Sometimes that's to send out ransomware or to attack someone's network all at once. Necurs was really actually one of the worst ones out there. It has infected over 9 million computers worldwide that are sitting just waiting for its instructions. What's clever about this is that most botnets, what they do is they check in home to a website and they get instructions from that website. So, the way you take them down is you take down the website. However, this botnet was very, very clever. They had come up with their own algorithm and what it would do is it create a 2, 048 new websites and every 48 hours. It had a special program that would create these websites and it would check one of those 2, 048 websites every 48 hours for its next instruction. So, it was very hard to shut it down. Well, Microsoft was able to crack the underlying algorithm and they were able to identify the next 6 million, 144,000 domains that Necurs was going to create in the next 25 months and they were able to alert all of the authorities and shut it down so that it has nowhere to call home to. It essentially renders those 9 million computers around the web just sitting there with this Necurs virus on it, renders them all inert and ineffective. I thought this was just fantastic news from Microsoft protecting us and protecting the world from these horrible viruses that are going out.
Dan: Gosh, that sounds like an incredible thing they put together, but even more incredible that Microsoft was able to crack it and get rid of it.
Vince: Well, we've talked before that they've got a whole teams of engineers. I believe the number is over 9, 000 engineers that are working day and night, 24 seven looking at these different types of viruses so that you didn't get caught with your knickers down. Not the Necurs virus, but don't get caught with your knickers down.
Sam: Well, the reason I wanted to highlight this is because a lot of times in our IT world, in our businesses, we worry about malware because we're worried about getting viruses on our computers and are they going to encrypt our data, which would be horrific, and then you've got to pay a ransom in Bitcoin and everything. But actually it is more to it than just that, because malware isn't just designed to infect your devices, to disrupt your business, but the attacker, the person who's creating this malware, is also wanting to steal all of your computers and the CPUs that you've spent good money on and use that for their own nefarious purposes including stealing your bandwidth that you're paying for every single month. Then they leave you in the line of fire as the organization, as the company, and you're left holding the bag for the crimes they commit because they're all being traced back to your computers. Even though you didn't start this, they hijacked your computers and there's no way to trace it back to them. This is why security is such a big deal for us at Bit-Wizards.
Dan: You guys at Bit-Wizards are always talking security. Security. Security. Backup and taking care of people. I'm kind of curious though, to actually have this get into your computer, would you have to click on something to have it download or is there a way they can do that without you even doing that?
Sam: With this one specifically, it was able to spread, especially under Windows 7, it was able to spread without a whole lot of user interaction at all, which is one of the reasons why we insist for all of our clients that we get them off of Windows 7, off of Windows XP, and Windows Vista that people love to hang on to and instead get them up-to-date with the latest version because under Windows 10 this cannot spread the way it was spreading before. Now what Microsoft has done have basically pulled the plug on the system that would feed it its instructions. It was very cleverly done.
Vince: This is why we tell people to get off of those older operating systems because you incur a ton of technical debt. What happens is is that it's not cost effective after a certain period of time because technology marches on. Obviously, there are new things come out, new threats, new stuff, new capabilities, new processors, new memory, new storage, that all has to be taken care of. You holding onto that older operating system puts your company, and it puts you personally at home, at risk which is why we tell people once you get past the end of life, or the end of service, with that particular operating system, it's time to move on. In fact, typically we're asking people to do it beforehand, to stay ahead of the game and make sure that they're protected.
Sam: When you get the emails from the spammers who are out there fishing you and trying to hack into your network, you'll notice a lot of times those emails look like they come from a legitimate email address. That's because of these botnets that's like Necurs. Microsoft said on March 5th, Microsoft noted that a single infected computer with this Necurs virus is capable of sending a total of 3. 8 million spam emails, over 40. 6 million victims in just 58 days. That's a single computer. There were 9 million of these things infected. So what they were doing was hijacking your company's computers to send out their spam to trap other companies into continuing to spread that virus so they could have it do whatever they wanted to do when the time came. At Bit-Wizards, security is always our top priority for our managed IT services clients. We work really hard to provide the highest amount of security with the least amount of disruption to productivity.
Dan: So Sam, what can they do?
Sam: In an instance like this? I just thought it was fantastic news from Microsoft that they've already blocked this, but this is why we insist on making sure number one, that all the devices are up-to-date with the latest version and number two, that you have an antivirus on your machine. I think the old adage holds true of you get what you pay for. Having somebody manage your environment for you, making sure that these things are being taken care of is critical.
Vince: The other thing is is that you want to make sure that you're doing it at multiple levels. We start at the edge of your network and that's your firewall. Then, at the firewall they're scanned for virus and we also do some packet inspection and things like that to make sure that you're not getting stuff coming through your firewall. But just so it doesn't, just in case one gets through, because there's a new one, we use antivirus on your local machine and on your servers. Then on top of that, at your email level, there is another level that is done there where it's checked before it ever leaves your email server. In fact, that's with advanced threat protection, is tied directly into those 9, 000 security folks at Microsoft and where they update those virus definitions on the fly immediately in real-time as these threats come out and as they're able to develop countermeasures for them.
Dan: Wow. So, like you were saying earlier, Windows 10 does a lot of that and they give you the tools to be able to do that but you have your own, I think it sounds to me like you have your own programs that you use for that on top of Windows 10 to make it even more secure. There's a lot of people that may not know what you do with the firewall exactly, but what a firewall is.
Sam: Well, and that Vince was saying that we protect the network starting at the edge. The firewall is what we call an edge device. It's what connects your … So you pay media or you pay Cox for internet to your business. They give you this modem and this modem is a big black box that gets screwed to the wall in a closet somewhere and it comes out of there and it has wifi built in and it has the internet and everyone plugs their computers into a little switch connected to it and then everyone's online. The problem with that is there's no actual separation between your environment and the internet at large. What we do is we put in an edge device there, a firewall, that goes between that modem coming from Cox or Mediacom and your network and it's inspecting every single byte of data going back and forth, whether it's encrypted or not. It's checking every single one of those to make sure it is legitimate and that it's not going to hurt your network.
Dan: That makes sense. Perfect. Good guys, man, I liked that idea. I wasn't really sure what a firewall was. I had an idea, but that sounds like it's a physical box that we'll go through.
Vince: Yeah but there are software firewalls, but the better use is a physical firewall and that's why we automatically, whenever we bring a customer onboard, first thing we do is install a brand new top-of-the-line firewall at their company. The thing with a firewall, it's not enough just to have it, you've got to keep the firmware, you've got to keep the antivirus, you've got to keep all those different definitions up to date. It's got to be able to phone home, back to different places so that it knows that it's getting the latest updates and getting the latest virus definitions and things like that.
Dan: And you guys a Bit-Wizards, you monitor all of that, don't you? Remotely.
Sam: 24 seven yep. We're constantly watching those things and we're have alerts set up for all of our clients. We have thousands of machines under our management, tens of thousands of email addresses under our management, and we have alerts set up to let us know as soon as any one of those starts to have an issue and that we can see if someone's being attacked or if someone's email has been compromised.
Vince: You're never going to be 100%, but if it's monitored in real time and you take all these different, what I would call moats, that you have around your fortress within your business. You could thwart it at a different moat or a different wall or a different place we can minimize the amount of damage that happens. Sometimes it takes a little bit of time for these guys to react, kind of like what we're going through now. Whereas, the guys are trying to figure out how do they combat this new virus that's come out. The same thing happens with the Microsoft security engineers, but they're pretty on top of it and they put out guidance right away and we stay connected with them. That's why we're a Microsoft Managed Gold Partner. We know about what things are going on when and how and also with the relationships with our other vendors that provide our firewall and other things that we utilize with our customers. We stay in tune with that stuff so you as a business owner don't have to worry about it.
Dan: Gosh, you guys are, he sounds too technical for me. That sounds like a lot of work. All right guys, that sounds great though.
Announcer: Bit-Wizards, What's Up Our Sleeve?
Vince: Let's go to our next segment.
Dan: What's Up Our Sleeve?
Sam: I thought actually this would be a good one for Vince and I to talk about today because last week Vince, on the radio show, talked about if you need to work from home, how you can do it. Talked about some of the tools you have in place that you can use to work remotely, but today I thought instead of looking at us as individuals working remotely from home, what would be a good discussion for us to talk about business owners who are now having their employees work remotely. With many companies right now facing the challenge of having to figure out how to stay operational as a business while also stemming the spread of covert 19 by actively encouraging their employees to maintain social distancing. For many, this first step is to allow their employees to work from home, but remote workers, they need to have to work on their personal devices or they have to take work equipment home with them. So, what I wanted to do is discuss some of the important steps you can take to ensure that while we're doing this, while you don't have all your employees in one location, that you can ensure keeping your organization secure, keeping your company secure, even though you don't have everybody sitting in the building together.
Dan: Good point.
Vince: The first thing that we would suggest that you do is you need to keep track of your physical inventory of your computers, because you've got company data and information on those. So, you need to have some sort of a checkout plan where you keep track of that inventory that you send out with your employees to their home so that they can work.
Sam: Yeah, if they're taking monitors home, that's one thing you want to make sure you know those come back, but if they're taking laptops home or desktops or thumb drives or external hard drives, you're going to definitely need to have a sort of a check-in check-out system for that of your own, whatever that system is. Even if you just do it in your email and email yourself to say, so-and-so at the company has this device right now and this is what they have. At least you're keeping an inventory of it.
Vince: The other thing too is to keep track of your compliance requirements, because in some cases, if it's HIPAA data or there are other compliance standards that you have, you may be limited in what you can allow your employees to take home with you. Keep track of your data, keep track of your physical inventory, keep track of what is going outside your door.
Sam: Yes, and then the next thing we thought about there is, " Okay, well what if they're not taking their devices home? What if they're going to work on their own laptop at home or their own desk cup at home," which is definitely a viable option for people that are working from home. We thought of a couple of different points here that you should definitely be thinking about. If you're going to allow your employees to work on their own devices, you want to make sure that they have antivirus on their machines. You need to make sure their computers are up to date. If they're running Windows 7 at home that's probably not that big of a deal for them, they're not really a target, but now if they're using that old Windows 7 laptop that's been sitting, collecting dust at home or the kids have been playing on for the last couple of years and now they need to bust it out for work, you need to make sure that it has been brought up to date so that it doesn't compromise your company's data. You want to make sure that you'd still be able to remotely access those devices even though your company doesn't own them, you still have some administrative governance over those devices. That's why we use our managed IT services, because we can remote manage and monitor all of those devices. Then lastly, you're going to want to make sure those devices are backed up. That gets to be a little bit of a tricky situation because you're also backing up that person's personal data. However, making sure that the data doesn't disappear accidentally is absolutely critical.
Vince: There's some simple things that you can do around those devices, which are sometimes called B-Y-O-D, Bring Your Own Device, it's a techie term you may hear. It's as simple as this one, there's a lot of free antiviruses that you can go out there and get and it's better than having nothing at all, I'll let Sam recommend a couple of those. The other thing is run the Windows updates on those computers. Make sure that they run them and do those updates, it may take a couple of reboots and that type of thing, but at least for the operating system that they have at home you know that they're up-to-date at that particular point. Then, remote access if possible, but a better way might be allowing them to remote desktop into their computer at the office that way, also connected on a VPN, that way you know that the point-to-point between them is secure and that they're not actually transferring any data onto their local computer.
Sam: Absolutely, because that's probably the next most critical thing is to make sure that those devices, if they're working from home, are isolated. You have to figure that while you have control of the devices that are in your building at your company, even if you're not thinking of it from a network perspective, there is a definite case to be made that when people are working from home, there are lots of devices on their network that you have no control over. That might be the kids tablets, they're getting online with an Android tablet or smart home devices that your employees have at home or even their Peloton exercise bike is connected to the network. All of those things are going to be probing the computers and they would be a weakness or a vulnerability for your company's data. So again, as Vince was saying, we recommend you connect to the internet and to your home office using one of those VPNs that we talk about quite a lot, the Virtual Private Network, which isolates that device so that is essentially on its own network and the other devices on the rest of the network can't really interact with it in any way and they definitely can't see the data going in and out of that device.
Vince: The other thing, go ahead Dan, I'm sorry.
Dan: No, I was just going to say, so they're kind of shielded from everything else in their house if they got the VPN?
Dan: Gotcha. That's all I was going to say.
Vince: One of the things too that we talk about is to try to keep your data centrally located, which is why we recommend that you either use your on-prem data storage and allow them to use a remote desktop connection back into the machines that you have at your office or use cloud storage, SharePoint or One Drive for Business. These are great ways for companies to collaborate remotely and then to ensure that that data is securely backed up and taken care of for you. Microsoft backs these things up with at least six copies across Windows Azure in order to make sure that your data is secure. So, in case a drive or something gets infected or something, it can be restored.
Sam: Absolutely, and so that's a critical part to this is when you're all working in an office together you're collaborating a lot, but when everyone is working remotely it's a lot easier to lose that sense of connection and so people start saving stuff to their desktop or saving stuff to My Docs because they don't know where to put it. If instead you're using SharePoint and the tools like One Drive for Business that Microsoft provides for organizations, then you don't have to worry about the data, the hard drive going bad or anything like that. Everyone can keep working together. Which leads us to maybe the last point on this is being able to maintain communication during this remote work situation. Last week Vince talked about if you are working remotely, make sure you work extra hard to stay in touch. We thought there's actually some good tools that we can talk about that help all of the remote employees stay in communication with each other.
Vince: One is to make sure that you use a commercial brand of email. We highly recommend using Office 365. Stay away from the personal email. A lot of people are using free Gmail or they're using free Go Daddy email or some other free-
Vince: Yeah, AOL or EarthLink. I mean these things, they're free for a reason or they charge some minimal amount of money. It's because it's cheap grade consumer junk is what I would call it. You need to protect your business with commercial grade stuff. You get what you pay for there. The other thing is is to utilize some things that allow you to communicate and collaborate. There's a couple of things. One is Teams, Microsoft Teams, which comes with your Office 365, that allows you to chat in real time and then share data over SharePoint and other ways through One Drive for Business or possibly Slack, which allows you to talk back and forth. These things don't cost that much and they're part of the those packages. The other thing is to invest in a a commercial conferencing platform like Zoom or RingCentral.
Sam: I heard that, Zoom and RingCentral both provide online conferencing. You can use it like a phone or you can use it to do a video call, kind of like Skype except you can have lots of people in those calls, but I heard Zoom and RingCentral are both getting hammered pretty hard right now because the entire nation is working from home. These tools have established themselves as the market leaders for video conferencing. Now, where it used to be your employees might have one or two video conferences in a day, now everybody is video conferencing all day, every day. So that's definitely changing the landscape, but we definitely recommend tools like Zoom or RingCentral for these conferencing. Even Teams has a lot of that built in as well and you don't even need third-party software. You can just use the stuff that comes directly from Microsoft.
Dan: Those all sound really good so you can keep the communication going. What I'm getting out of this, just as a layman, thinking that the best way to do the working from home would, to me, would have a VPN go right to a cloud and just work through that aspect.
Vince: That's absolutely correct and make sure that you get it set up and get it set up properly, but that's the best way. The companies that were in the best position when catastrophe strikes, whether it be the virus here or whether we have a hurricane, I know that when we've had hurricanes in the past Bit-Wizards folks have scattered to the four winds and then we've connected remotely because our servers exist in the cloud. I don't necessarily have to be onsite at our business in order to operate. The businesses that take advantage of that are prepared and ahead of the game. We had a little, a few customers that we've already got them set up, but then they had some key workers that had never worked remote and we had to go in and help them get their VPN set up and stuff like that, but in general the core infrastructure was there ready for them to go. We got them set up in minutes and they're operating. That can mean the difference between you making the additional revenue for your business and staying in business at a time of a problem like this or going out of business.
Dan: That's why people really should invest in going with Bit-Wizards, because you guys foresee all of that happening. You're always looking forward and you always, seems to me, like you already got the plan in place all you have to do is implement it when these things happen because you already thought it all through.
Vince: That's true. We don't believe in technology for technology's sake. We believe that technology serves a business purpose and that purpose is to help facilitate business, to make you more productive, to make sure, and as you've heard me say before, every business is now a technology business. Every business is now a technology business. That means that you have to have technology to compete in today's market.
Sam: Many of our clients are what we consider essential services , even during this difficult time. So we, we're maintaining IT environments for doctors ' offices and city governments and police departments and fire departments and several 9-1-1 call centers in the area. So for us, having these tools in place before disaster strikes has been absolutely critical so that we can smoothly transition and continue maintaining the IT networks and IT environments for our clients. Especially the ones who are on the front lines of this " war " as President Trump has said that it's war against this virus.
Vince: We're not trying to scare anybody. It's that age old Boy Scout adage, me being an Eagle Scout, it's about being prepared. It's about being ready beforehand.
Sam: Yes. Thank you, Major Powell.
Dan: Let's move on.
Announcer: Bit-Wizards, From the Spellbook.
Sam: So today's Terminology Defined is files on demand. You may see this a few different places, Microsoft definitely captured this phrase and use it in several of its products. Files on demand is where you can have your files available to you when ever you need them, but you don't have to take up any room on your hard drive, any space on your hard drive, which sounds too good to be true. That you can have all of your files available to you, terabytes and terabytes of data, available to you even though you only have a laptop hard drive with a 256 gig SSD in there and there's not much room you can have all of those available. The way that works is that Microsoft stores those files in SharePoint online or in One Drive for Business and what it does is it puts empty placeholder files on your computer that don't take up any room, but as far as your computer is concerned, those files are sitting right there. When you double click on one of those placeholder files or you go to open it from Word or Photoshop, whatever tool you're using, Windows in the background, Windows 10 and One Drive, they silently and quickly go grab that file from SharePoint or from One Drive, from the cloud platform, and they bring it down to your computer. As far as your computer is concerned, that file just took a split second longer than usual to open, but from here on out it'll open just fine and fast every single time. Then as long as you're using it, it's keeping that local copy on your machine and as you're saving it it's saving the changes back. When you're done using it, files on demand is intelligent enough to go ahead and remove the copy of the file from your computer so it doesn't take up any more space, but it's still waiting for you as soon as you need to have access.
Vince: Basically it's monitoring those files in real time and it's looking at them and seeing how often that you use them. So the files that you never use are still, you just have sort of a shell sitting there, but the files that you're actually using, it actually pulls them down and has them there and it keeps track of how often you're using them. Over some period of time it sort of phases them out on your local disc and then it goes back to that shell.
Sam: They make it look so simple, but it really is incredibly complex on the back end. If you think about maybe you've got 60 employees in your company and they're all synchronizing 10,000 of these files across all of their computers across the board. That's 60, 000 files that are being constantly monitored by this system for any changes and being updated on the fly all the time. We at Bit-Wizards migrate your data into Microsoft's cloud storage platforms like SharePoint and One Drive for Business and Azure storage to help you keep your files centrally located and keep your hard drive nice and clean. We're going to wrap it with a customer appreciation plug if we have time, Dan.
Dan: Yeah, go ahead.
Vince: We want to do a big Bit-Wizards shout out to our customer, Kitchen Ambassador. We want to say hey to Butch Myers and his team and Sophie at 415 Page Bacon Road in Mary Esther with locations in Fort Walton Beach and South Walton to Mobile and Fairhope, Alabama. They've been a longtime client of Bit-Wizards. We've worked with them both in digital marketing as well as managed IT services and they provide countertops, cabinetry, flooring, remodeling for kitchens and bathrooms with award winning service. They've got a team of professionals that are there to help you design and build your new kitchen bathroom. Kitchen Ambassador has got a fantastic reputation and we're privileged to be taking care of their IT from top to bottom. They are forward thinking and they are always making sure the technology is at the leading edge so that they can service their customers. With that, I'm going to throw my chamber hat on here for a second, and I want to ask everybody out there to please support your local businesses. Some of them are operating differently, we've talked about losing $8 trillion in the stock market. Nothing pales in comparison to the number of people that small business employs. So I ask you, don't cancel your orders. I asked you to wait, put them on hold, help these companies out and be there as we get through this crisis.
Dan: Well said, Vince, very well said. We got to get through this together and intact. I appreciate that. Vince and Sam, thank you so much for coming on remotely today. I look forward to talking to you guys next Tuesday with Bit-Wizards Tip of the Wand. You guys have a great day.