d2 Small Business Newsletter

20 Ways to Cut IT Costs

In tough economic times, all enterprise departments are required to tighten their belts. To help IT execs navigate through the cost-cutting maze, Gartner analysts presented a list of 20 ways that IT execs can slash expenses. Re-examining cell phone plan costs, virtualizing servers among keys:

1. The most obvious place to start is people costs. Gartner estimates that 37% of the average IT budget is dedicated to personnel, so this represents a major opportunity to save money. Gartner recommends a blend of hiring freezes, reducing or eliminating special bonuses, cutting back on outside contractors. Also, global companies that have opened offices in remote areas should consider bringing those workers back home
2. Flatten the organization. Instead of having one person manage six or seven employees, trim some of that middle management and have your IT execs manage more like 20 people. A flat organization not only saves money but also can lead to more efficiency.
3. Move to shared services. In other words, consolidate things like help desk into one group that services the entire company.
4. Even if you have to borrow somebody from another part of the company, bring a finance person into your leadership team so that person can analyze your budget and find ways to help you trim costs.
5. Don’t ignore “unmanaged” costs like printers or data center power.
6. Go back and check your invoices to make sure your vendors are charging you what your contract specifies. An example would be if your wireless vendor agreed to give you free shipping when it sends new cell phones to remote workers. A few months later, shipping charges might start appearing on your cell phone bill, and if you don’t check, you’ll never know.
7. Eliminate unused software and modules.
8. Get tougher with vendors when it comes to negotiating contracts. Don’t be afraid to switch vendors, or at least go the first step of determining what it would cost to switch.
9. Buy a telecom expense-management service. It pays for itself and more.
10. Deploy a corporate wide plan for buying cell phones. Then, buy a cell phone plan that optimizes expenses. This will be cheaper than letting employees buy phones and plans and then expense them.
11. If there are places where you don’t need five nines of availability, settle for three nines. It will save you money when you negotiate with your vendor.
12. Consider buying a videoconferencing unit rather than constantly renting.
13. Where possible, use the Internet as a replacement for expensive WAN transport services.
14. Defer moving to Vista. If your PC hardware is holding up, consider sticking with it another year.
15. Use commodity products wherever possible, and skip best of breed in cases where “best of need” will suffice.
16. Consolidate and virtualize servers.
17. Reduce storage costs via data deduplication and other methods.
18. Use better processes and policy to make better use of existing tools.
19. Deploy IP telephony and VoIP as a way of cutting costs for moves, adds and changes.
20. Harvest unused software licenses and reuse them when a new employee makes a request.

The “D” Word

As if the “R” word wasn’t bad enough, the “D” word is apparently being discussed at more than a mere whisper.

A new poll put out by CNN found that 60% of the American public thinks it’s likely we’re heading into a depression; not a recession, but depression. And I don’t mean the kind that can be eased by Prozac.

At the same time, the Small Business Association (SBA) says small business loans have dropped 30% this fiscal year (which just ended on September 30) from a year ago.

Get Smart

Now that I’ve depressed the H-E-double hockey sticks out of you; here’s where technology comes in to help tighten the budget for a bumpy ride. Look for technologies that shave money off the bottomline:

• Software as a Service
• Cloud Computing
• Off-site data storage
• Thin clients

By offloading as much of the IT department somewhere else; businesses can save on lower head count, less money on IT consultants, fewer servers and other racks of hardware taking up valuable office square footage. Less gear means less money. Less gear means less money on utilities to keep all those boxes cool.

Whether we’re heading into a protracted recession or depression is up to the economists to call. But, it doesn’t take the ghost of Milton Friedman to see our ox is in a ditch.

6 Tips to Avoid Viruses, Worms and Spyware

Have you ever had a virus? Cough, headache, sneezing and chills—Yuk! Doctor’s push preventative measures each year as the cold and flu season approaches but still millions are infected.

Your computer is continually at risk too — prevent a serious infection with these great tips for avoiding nasty encounters with viruses, worms and spyware.

1. Virus protection software is a must on all computers to prevent data disasters. With that said, all virus software is not created equal. We strongly recommend using a centrally managed anti-virus system for businesses with three or more PC’s. This will give your organization a greater level of protection.

2. Risky websites can lead to infection

Always stay away from risky Internet websites, like those enticing gambling sites. They may look fancy but give you unwanted programs and software that could take charge of your computer.

3. “No Clickie Clickie” as our Lead Technician always says. If a popup appears on your screen do not click the red “X” to close it. Viruses and spyware may be attached to the “X”. Right click the task bar title box for that page and choose close.

4. Always scan programs from the Internet before opening them up to install on your computer. Also, if you need to swap data between computers, make sure to scan the storage device(s) for viruses too.

5. Never use pirated software. It is not only illegal but a fabulous way to invite computer viruses. While the kid down the block is handy with his CD burner, he and you can never really be sure if the programs are safe. Viruses are easily spread with out any knowledge of the damages possible.

6. Back up your files regularly Few companies truly do a good job of backing up the data on their server and computers. Take a look at our Online Automatic Data Backup. It’s safe, secure and can save you a lot of time and money.

We cannot guarantee you will never fall victim to a virus, computer worm or Trojan even if you follow each of these steps religiously. However, we can say you will greatly reduce the chance of being an unsuspecting recipient of these unwanted programs and software as well as equip yourself with the tools to recover your data fast.

Protect your business and home computers. The best time to prevent disasters is before they happen and we would be glad to help.

How Viruses Get Named

Thousands of viruses are currently circulating on the Internet with more being discovered daily. So how does a virus get it’s name?

There is no official government body or organization that names viruses. In most cases, the anti-virus company that discovers it gets to name it; and, it’s a very competitive race to see who can discover new viruses first!

The criminals creating viruses like to leave clues as to what they want their virus to be named, but researchers who discover (and fight) them don’t give their authors the satisfaction of keeping the name. To hackers, creating a destructive, difficult to disable virus is a badge of honor. So instead of giving these cyber criminals the publicity they crave, virus researchers will name a virus based on the type of system it attacks, what it does, or other random reasons.

For example, the Code Red virus got its name from an eEye Digital Security researcher’s beverage of choice — the cola variety of Mountain Dew soft drink.  Apparently he was drinking this the night he cracked the corruptive code.

Creativity aside, most anti-virus companies have policies and letter-number formulas for naming viruses because it’s becoming more and more difficult to come up with unique names for viruses. Symantec’s Norton antivirus software currently has a catalogue of over 58,193 known viruses—

Fake YouTube Pages Used to Spread Viruses

SAN FRANCISCO - Savvy Internet users know that downloading unsolicited computer programs is one of the most dangerous things you can do online. It puts you at great risk for a virus or another time bomb from a hacker.

But even some sophisticated surfers could get taken in by a sneaky new attack in which criminals create fake YouTube pages — dead-on replicas of the real site — to push their malicious software and make it look like it’s safe stuff coming from a trusted source.

A program circulating online helps hackers build those fake pages. Users who follow an e-mail pointing them to one of the pages would see an error message that claims the video they want won’t play without installing new software first. That error message includes a link the hacker has provided to a malicious program, which delivers a virus.

Even worse: once the computer is infected, it’s simple for the hacker to silently redirect the victims to a real YouTube page to see videos they were hoping to see — and hide the crime.

“It’s spot-on accurate, and that is scary,” said Jamz Yaneza, threat research manager for security software company Trend Micro Inc. “If I were watching YouTube videos all day I would probably click on this one.”

The tactic itself isn’t new: There’s a constant push by criminals to build more convincing spoofs of legitimate sites to trick people into downloading harmful software. And the latest attacks don’t target any vulnerability in the YouTube site.

But it highlights the fact that criminals are getting better at creating bogus sites and developing so-called “social engineering” methods to fool people.

Fortunately, truly alert Internet users can still see the telltale warning signs with the fake YouTube pages. For one, the Web browser won’t show the real YouTube’s Internet address. And to even see the malicious page, you have to first follow a link that’s sent to you, which is often a tip-off that you should independently verify whether the site is legitimate.

d2 in the News: Inc. Magazine

d2 was recently published in Inc. Magazine’s Technology section as the featured expert on data management strategies. Here is the article:

Document Classification Tools and Strategies
By Renee Oricchio
You’ve archived your data so well that even you can’t get to it. How to organize and tag data for retrieval. Should you go with a Web-based outsource solution, off-the-shelf application, or pay someone to customize one for you?
It’s official: humanity is creating more digitized data each year than places to archive it.

It’s no wonder that so many technology companies are jumping on the band wagon to build massive data storage facilities. Even in this economy, data storage is a red hot business. That’s not likely to change given a recent study put out by IDC Research earlier this year projecting that the amount of digital data will increase tenfold by 2011.

Finding a place to put all our information is one challenge. But there’s another problem that looms just as large, especially for the small to midsize business with limited IT resources.

“Archiving is less about where to put data and more about getting it back when you need it,” says Andrew Reichman, a senior analyst from Forrester Research. To quote the Old Bard himself, “Therein lies the rub.”

How to organize and retrieve

The big problem for most companies is organizing its data in the first place and then finding the best strategies for retrieval. “Typically where they go wrong is that they start out with one, two, five people in the business sharing one drive and now it’s 10 years later with more than 20 people all dumping their files into that same drive with no thought to organization,” says Matt Dubois, managing partner of D2 Business Solutions in Costa Mesa, Calif.

Dubois would know.  His company is often called in to clean up the mess. “We can spend up to two weeks full-time straightening it out. It’s not just confusing folders and subfolders or missing files that cause confusion. We had one client, a law firm, with an attorney frustrated that his file had not been updated by another employee. The employee claimed the file had been updated. They were both right. The problem was there was a duplicate file and they were working off two versions without realizing it,” says Dubois.

So for the business looking to spring clean their data storage, Dubois offers the following steps:

Develop a naming structure. Does this sound familiar? One employee leaves and his/her replacement inherits a Byzantine filing system of oddly named folders and files that have no bearing on its content or importance. It may seem cute to name all your file folders after NFL teams. But what does that have to do with accounts receivable? Business managers need to establish a protocol for naming folders and files that make sense and that are literal enough that anyone can jump in and find what they need, when they need it. “It needs to make sense. It needs to have some logical structure,” says Dubois.
Backup your data before you start. “When you’re ripping things up, things are bound to get lost,” says Dubois. Additionally as a company dissects its share drives, it’s not likely to know exactly what it has anyway. It’s wise to keep a back-up copy on hand just in case someone needs to go back and find something that got lost in the shuffle.
Chunk it down. Don’t clean up your filing system all at once. Dubois recommends doing it one department at a time. For example, start with accounting, and then move on perhaps to sales. Prioritize which departments need a digital intervention the most.
Reorganize files by department. As data is teased out and organized one department at a time that is likely the best way to structure it in the future — by department. “Give all your employees access to the ‘S’ drive – ‘S’ for share — but limit who has access to which files. Typically, only two people or so need access to each folder,” says Dubois. Bottom line: the fewer people with access to a file system, the fewer people with the ability to spiral it out of control again. It also makes it easier to hold employees accountable for sticking with the naming protocols.
Tagging. The vast majority of small to mid-sized businesses these days are using Microsoft Sharepoint, which allows assigning tags and meta tags for search and retrieval. For companies storing their data on a third party “cloud,” chances are the cloud computing provider is using Sharepoint, as well, or a similar solution. Just like employers need to have naming protocols, there should be tagging protocols, as well, with suggested key words for certain types of data.
Where to put it all

According to a recent study by EMC, 53 percent of all small businesses are still backing up their data on tape. This can’t be very efficient when it comes time to find a file from three years ago that is now buried in a tape rack with a whole other filing system that may or may not make sense.

Tape is out, digital storage is in. Dubois sees most of his clients centralizing its data through products like Microsoft Sharepoint. Sharepoint is bundled in with Microsoft’s line of small business servers each costing just under $1,000. Businesses also have the option of storing their data with third party storage providers. Big name companies like Amazon and Google are renting space on their clouds at prices affordable to smaller businesses. There are countless smaller data storage vendors, as well. All have the added advantage of being off site. So if your building burns down or becomes inaccessible due to weather or a local disaster, the business can be up and running from a remote location.

Businesses shopping for a third party storage provider should be mindful of the features important for their business. How much space is needed? How often will it be accessed and by how many? What kind of security measures are in place to protect the data? How sophisticated are the retrieval tools to pull up files and can they be customized for your businesses specific needs?

If that sounds like a lot of questions to answer, consider this: it beats trying to find last year’s invoices under that Dallas Cowboy folder.

The 10 Most Commonly Used Passwords

In PC Magazine they list the 10 most commonly used passwords.

If you are using any of these, please turn off your computer immediately - or change your password. Adding numbers, upper case characters and other special characters (#, $, @, !, etc.) will make for added protection.

1. password
2. 123456
3. qwerty
4. abc123
5. letmein
6. monkey
7. myspace1
8. password1
9. blink182
10. (your first name)
SHEFFIELD: Hacking of Palin’s E-mail Reveals How Easy It Is
Matthew Sheffield
Thursday, September 25, 2008

ASSOCIATED PRESS Hackers broke into Alaska Gov. Sarah Palin’s Yahoo e-mail account, a screenshot of which is taken from Gawker.com, on Sept. 17. The Republican vice-presidential nominee used the webmail site to send official correspondence.

As FBI agents close in on the computer hacker (said to be David Kernell, son of Democratic Tennessee state Rep. Mike Kernell) who broke into the private e-mail account of Republican vice-presidential nominee Sarah Palin, one startling aspect of the case has emerged - just how easy it was to compromise.

Like many people, Mrs. Palin uses a “webmail” service to send and receive e-mail messages through the Internet.

Since the late 1990s, webmail sites of Yahoo, Microsoft, Google and America Online have attracted hundreds of millions of users through convenient access and free pricing.

Webmail has one important flaw, however, and that is that anyone on the Web can try to get access to your account information.

In the past, attacks on people’s e-mail accounts have relied on computer viruses or programs designed to illegally obtain information. A more sophisticated technique, so-called “phishing,” involves tricking someone to disclose voluntarily their passwords or credit cards through fake Web sites.

In the Palin case, the person who broke into her account did not have anything to do with the computers she uses on a daily basis. Instead, the hacker used a flaw in Yahoo’s webmail service that requires all Yahoo users to secure their accounts through easily obtainable information such as a pet’s name, where you met your spouse, or what your high school mascot was.

While that may seem like personal information, it actually isn’t. Someone with even a casual knowledge of your personal life in many cases could complete that information, as could someone with some time on his hands.

Throw in Google, Facebook, MySpace and personal blogs, and there is a lot of information out there about many of us. A malicious person finding that out would then be able to change your password and have full access to your account.

That’s exactly what happened to Mrs. Palin. Her information was even easier to get since it already had been reported by the news media, as journalists have dug into her background to inform the public. (A similar incident happened to singer/reality television star Paris Hilton in 2002.)

We know all this because the hacker, using the pseudonym “rubico” that the Web site ZDNet linked to Mr. Kernell, told all of this in a posting to a Web bulletin board in which he disclosed how he broke into Mrs. Palin’s account.

It took all of 45 minutes. The hacker was able to reset Mrs. Palin’s password by finding out her birthday, ZIP code and where she had met her husband, Todd.

For someone whose personal life isn’t so public, it would take longer, but it can still be done.

That’s a problem. One that Yahoo owes it to its users to fix.

The best way to do this would be to allow people to specify their own security questions rather than choosing from a list of too-easy queries. Instead of asking your dog’s name, you should be allowed to ask much more personalized questions.

In the meantime, if you’re currently a Yahoo e-mail account holder, there are several things you can do to improve the security of your information:

• Link your account to another one. If you forget your password with your Yahoo account, you can have your password reset instructions e-mailed to your other e-mail address, instead of being asked the default generic questions.

• Answer the questions with a number. If you must answer that your dog’s name is Rover, set up the answer as Rover99 instead. That makes it harder for a would-be attacker to get in.

• Use a synonym. Instead of saying “Rover,” type in a description of your dog. Just make sure to remember it exactly as you typed it in if you ever need to remember.

If none of the above proves satisfying, you can always switch e-mail providers. Gmail, the e-mail service offered by Google, allows you to specify your own password-hint questions as does Microsoft’s Windows Live service.

How to Keep Your Laptop Secure

You can’t beat the convenience of checking e-mail and hopping on the Internet at (Wi-Fi) hotspots found in airports, coffee shops, bookstores, and even in some major parks and urban areas. For the uninitiated, Wi-Fi hotspots are areas where you can use your wireless laptop to surf the Web and check email, often at no cost to you or your company. But the question you have to ask yourself is, just how safe is it to connect? With the proliferation of hackers, viruses and identity theft at an all time high, you are smart to be concerned. Wi-Fi spots are very attractive to hackers because they can use what’s called an “evil twin” connection to access your laptop. An evil twin is a wireless hotspot set up by a hacker to lure people from a nearby, legitimate hotspot. For example, when you log in at your favorite coffee shop, you might actually be logging onto the evil twin Internet connection set up by the innocent-looking person working on a laptop at the next table. The most dangerous evil twins remain invisible and allow you to do business as usual. But in the background, they record everything you are typing. Buy something online and they are recording your credit card information. Log on to your bank account, and they can grab your password. Some hotspots may even feed you a fake web page after you log on asking you to update your billing information. This is the same tactic used in phishing scams.

So what can you do to make sure you are not giving an evil twin access to your laptop?

First, know the name of the hotspot you’re going to use by asking someone who works there. Some businesses will give you printed instructions that include the hotspot name. Again, be careful. Hackers will try to name their evil twin network by a very similar name as the real hotspot, and may even show up as a stronger signal.

The best protection you can have is connecting via your company’s VPN (virtual private network). A VPN will protect your online information by encrypting your data and activity even if you’re connected through an evil twin.

If you don’t have a company VPN, you should assume that someone is looking over your shoulder and recording everything you type in. Therefore, the BEST protection without a VPN is to never type in information such as credit cards, passwords, or social security numbers when connected to a public Wi-Fi hotspot.