Dropbox is an excellent online storage program that offers 2GB of storage space for free.  Once installed, it will automatically synchronize a “My Dropbox” folder in your Documents folder with your Dropbox account.  You can access this folder very easily online and can even share folders within your dropbox folder with anyone you wish.  If you have multiple computers.

You can sign up for a free DropBox account.

---

This tech tip was brought to you by: CIO Solutions Santa Barbara, CA Information Technology Outsourcing and Managed Services.

Given a disaster, will you become a survivor or statistic? Business Continuity and Disaster Recovery (BC/DR) requires more than a back‐up of your data. It is about developing a plan to help our friends survive, regardless of the business interruption. Too often the business interruption is an event that has no impact on the building or the employees, but can be fatal to the company. Some of these situations might be a product recall, misinformation being circulated to clients, data embezzlement or a drawn out legal issue.

Understanding the difference between Business Continuity and Disaster Recovery is a key to helping an organization understand the need for a thorough Business Continuity Plan.  For future reference we offer the following definitions

Business Continuity-The need for an organization to continue to function even after a disastrous event.

Disaster Recovery-The ability to respond to an unplanned interruption and implement a technology and communications recovery plan and successfully restore an organization’s critical operational functions.

It is clear that Disaster Recovery is in fact a subset  of Business Continuity and that by themselves the recovery of communications and technology are not sufficient to bring an organization back to a state of function and normalcy.

The practice includes assistance and training in BC/DR Plan Development, DR Testing as well as GAP Analysis and implementation. Using a proven methodology and software template to build a thorough and maintainable Business Continuity Plan that incorporates Disaster Recovery can bring immediate and discernable financial benefit to your firm as well as delivering the key to Survivability.

A few of the benefits are:

• Competitive Advantage
• Client Confidence
• Insurance Savings
• Employee Attitude
• Technology Efficiencies and Savings
• Increased Stockholder Value
• Improved Processes
• Peace of Mind

Areas that are covered during the development of a qualified BC/DR Plan are:

• Disaster Prevention
• Establish Recovery Teams
• Legal Compliance
• Policies and Procedures
• A Complete Technical Inventory
• Vendor Vulnerability
• Call Trees for Notification
• Client Notification
• Telecommunications Recovery
• Using the BC/DR Plan for Profit

Have you ever seen a house that was built without a plan?  Why would you do the same with your business?  After a serious business interruption, the recovery process needs to follow a plan, the plan to survive and continued success.

We look forward to helping your firm become a more survivable one and not a statistic!

David Manion – Partner , CW Technology and Certified BCP Consultant

PDFmyURL.com is a great way to make pdf files of web pages.  It will maintain the look and feel of the site and the integrity of the links.  If you are presenting website information in a PDF format, this is a must have.

---

CompuVision Systems (Based in Edmonton, A) is a leading outsourced IT Provider that focuses on helping small businesses achieve their business goals by delivering enterprise class IT service and support.

Portable Applications you can take anywhere.

Simple. Install them on your thumb drive. Its always a good idea to be prepared, so if you find yourself using other people’s computers on a regular basis, you may want to get a thumb drive and set it up to work as a stand alone software source.

---

Founded in 1987 in Deerfield IL, TechCare LLC. quickly earned an exemplary reputation for our expertise and passion for serving clients of IT support in the creative, professional service and education sectors. More than 20 years later, we have grown to serve a wider range of industries and we have a more comprehensive catalog of information technology products and services.

Any job definition for a network administrator or IT organization includes keeping computer systems software current as a critical part of the job. Software vendors release updates, or “patches,” on variable schedules, fixing issues from simple cosmetic changes to critical security vulnerabilies that might be fatal to a company’s network – and, therefore, fatal to their ability to operate.

But for a small business decisionmaker with a long list of urgent priorities and limited IT resources, it’s hard to prioritize a potentially time-intensive, proactive activity that often fixes hard-to-understand problems and shows few immediate benefits. Why should a small business commit their limited time or IT budget to patching obscure problems?

What about the small business with a Macintosh presence? The once-specialized systems are finding a home in many small businesses that were formerly Windows-only. But updating the MacOS and Mac applications can seem to be an even lower priority than for Windows – when did you last hear about an exploit for the Macintosh?

Even for a business that knows they should be regularly patching all their systems, how do they get started? Then, how do they prove that they’re up-to-date, protected and reaping the benefits of their investment? In many markets, managers are asked to show partners and customers that proprietary data is protected fromm routine exploits. A responsible decisionmaker can’t wait for a widespread malware exploit to hit the Internet before finding out if they’re protected.

Keeping up with ever-growing numbers of applications and vendors is a constant challenge even for enterprise IT organizations. Many small and medium businesses, lacking enterprise-level IT resources, have a haphazard approach (if any approach at all!) to making sure their critical systems are up to date.

In the same way a business has a process for finding, hiring, training and managing their employees, a business that takes a serious approach to IT challenges will have a defined process for discovering, validating, deploying and reporting system updates and patches. Having such a defined process is how a company can move from patch confusion to Patch Management. This paper will help businesses answer the questions above and understand why patch management is a true concern and not just IT doublespeak.

Why should a small business commit limited resources to Patch Management?

Justifying any expenditure of time or money is critical to every small business decisionmaker. The biggest challenge when trying to justify proactive IT activities is that when properly executed, a proactive strategy won’t lead to flashy, easily quantifiable benefits. Ironically, proactive activities are working best when they’re least noticiable.

What is easy to quantify is your losses when there’s an IT crisis. Unhappy customers, lost sales and idle staff are the nightmares of every owner or manager – and even a small IT problem can leave a small business with all three.

There are certainly hurdles to implementing a true Patch Management strategy. But as we’ll see later, a good solution will cost a company far less than the near-inevitable IT catastrophe that would result from ignoring system patches and updates. A single exploit can result in catastrophic loss of data, damage to a company’s reputation with partners and customers, thousands of dollars in direct and indirect remediation costs, lost effort when work must be replicated and even, in certain businesses, legal liability if protected information is lost or comprimised.

Just a few examples we’ve seen…

An IT organization responsible for several hundred systems experienced some rapid turnover in their workstation support staff. Even though the servers were correctly updated and patched by an accountable organization, the internal staff let the ball drop on workstation upgrades for 2-3 months, because of the chaos in the organization. As a result, their entire network was victimized by a preventable vulnerability – and they found themselves with egg on their face as they needed a complete rebuild of their Windows domain.

A professional services firm had a part-time IT manager – but when the IT manager fell behind on updates, no one in mangement knew about it, as there was no formal accountability for updates and he hid the situation from his superiors. When we were finally brought in, we found Internet-facing systems hosting customer data that hadn’t been patched in a year. The firm faced not only a hefty bill for direct remediation, but embarassment with their customers as they were forced to reveal the vulnerability of the data. As they tried to repair their credibility, they faced additional expenses in the form of continuing security audits to show their customers not only that the current vulnerabilities were repaired, but that data wouldn’t be comprimised again.

A company’s highly mobile workforce was victimized when their enterprise-quality email server – that had no enterprise quality support – was brought down by an Internet worm that prevented anyone on the road from sending or receiving email for over a day. We came in and patched the vulnerability after a day and a half of downtime; not long in aboslute terms, but enough time for at least a potential sale to be lost when a bounced email convinced the prospect that the company must have gone out of business.

Consider your own business, and the cost of losing a day or week of work versus the cost of a reliable systems update service.

The problem doesn’t even have to be catastrophic to have a major effect. For a tech-centric business, even a 10% slowdown in performance, or a couple server crashes a month, can add up to weeks of lost productivity over the course of a year. Even a few days of lost productivity can easily outweigh the annual cost of a good patch management service.

What about my Macintoshes?

It’s conventional wisdom among many longtime Macintosh users that security patching and updating just aren’t that important for Macs. Mac users can (quite accurately) brag that there has never been a Macintosh exploit that caused the problems that Melissa, Blaster or Nimda caused for Windows users.

However, the stellar security record that has drawn many new users and businesses to the MacOS makes the “conventional wisdom” a false sense of security for many Mac users.

In this case, a decisionmaker has to think like the IT security community, the people who face these issues every day. There’s a consensus among these experts that there isn’t a true technical basis for the MacOS security record — that as Macintoshes become more numerous and get a reputation for their security, it’s a matter of when they become a target, rather than if.

No one can claim that the MacOS has no vulnerabilities whatsoever — Apple releases security updates on a regular basis (58 during 2004-2005).

Looking at the history of Windows security, many people don’t realize that the most successful worms exploited vulnerabilities that had been publicly known for months, if not years. In every case, Microsoft had released a patch long before the exploit entered the wild.

Combining this history with the certain knowledge that the MacOS is not invulnerable, we can deduce that when a succesful Macintosh exploit does enter the wild, it will probably attack a vulnerability that has been known about for quite a while – but only the Macintosh users savvy enough to protect themselves proactively will be safe.

We can also guess that if there is a successful, well-publicized Macintosh exploit, it will probably launch a host of imitators hoping for the same attention, as already happened on Windows operating systems to make security such a concern.

There is no doubt, looking at the history and listening to authorities, that lack of vigilance may put Macintosh based businesses at greater risk than their Windows counterparts. Small businesses who depend on the Macintosh to operate need to give security patching the same priority as they do for their Windows systems.

A true Patch Management strategy? Or a placebo?

For many businesses, a patch “strategy” consists of using the built-in operating system utilities to check for updates and install them automatically.

Without a doubt, this shows an interest in doing the right thing and it’s better than no action at all. However, it leaves the business with a new set of questions and concerns.

• Microsoft and Apple aggressively test their patches before releasing them – but certainly not with your specific mix of hardware and applications. How do you know they won’t cause compatibility issues before you install it across the entire company?
• If a patch does conflict with one of your critical custom applications, how do you figure out which patch is to blame, and remove it?
• Speaking of custom apps, when did you last check the version numbers on your software that Microsoft or Apple doesn’t automatically update?
• What happens to your network performance when 15 workstations all try to download 100 MB of updates at the same time?
• How much downtime is necessary to manually install patches and reboot systems?
• How much does that downtime cost?
• Who, if anyone, is notified when patches fail to install? Do they have the expertise to troubleshoot the problem? Or will they just click “OK” and leave the system vulnerable?

Neither Windows nor Macintosh built-in utilities will answer these questions. So you might be protected when they start talking about the next big Internet worm on CNN – or you might not.

When that day comes, is your business really better off than you would’ve been with no action at all?

Separating Patch Confusion from Patch Management

True Patch Management combines specialized tools with business best practices to give you the knowledge that you are definitely protected – not the false sense of security that “something” is being done, without knowing what that “something” might be.

A true Patch Managment Strategy has a documented process for both the technical and nontechnical activities involved.

• Discovery of new updates and patches, based on the operating systems, hardware and applications in use.
• Validation that patches are necessary on a technical level and compatible with the rest of the environment.
• Deployment of the patches, including downloading and actual installation of the updates.
• Reporting that audits what patches were installed and when they were installed on each system, for the purposes of technical troubleshooting and managerial oversight.

Unless each of these activities are taking place, either on a manual or automated basis, a business is asking for problems. Without trusted and thorough discovery, new updates can fall through the cracks. Validation saves countless hours wasted in deploying unnecessary updates or recovering from the application of an incompatible update. Timely deployment ensures that at a time when vulnerabilities are subject to exploit days or weeks after discovery, your system is secure before exploits reach the wild. Finally, without reporting you have no oversight of your IT activites – no way to know if you are getting what you’re paying for, or protected at all.

Can a small business possibly manage all these tasks?

Obviously, it’s no mean feat for a busy owner or busy employee who is multitasking as an IT guru to reliably complete these tasks. However, considering the stakes, a decisionmaker can’t ignore these needs completely.

Many of these tasks can be automated, via systems management software, or outsourced to an outside organization far more economically than they can be performed by a small business owner or employee. On a technical level, it’s easy to outline the attributes of a reliable Patch Management service or system. A system must:

• enable incremental testing and rollout based on system type and function, so that patches are validated ahead of time and won’t disable all systems of a certain type when unforseen problems are encountered.
• incorporate scheduling capabilities that prevent patch installation and reboots from interfering with other critical activities, such as overnight backups or third shift employees.
• account for the proper order of installation, whenever one patch must be installed before another.
• provide detailed accounting of what patches were installed, and when, for troubleshooting purposes.
• show management, at a glance, compliance with company patch management policies.
• enable rollback to the previous system state, not leaving a system unusable when a patch install is unsuccessful.

Summary:

Having true Patch Management, rather than patch confusion, is an ongoing process and may sound like just another headache for the time and cost constrained small business. But clearly, when IT problems can cost a business time, customers and their reputation, a lack of reliable patch management poses a risk that no small business can ignore.

Addressed proactively, patch management can be implemented in a cost-effective manner for any business. However, if a decisionmaker doesn’t approach this issue proactively and find a way to make the process part of their routine business operations, they will certainly be forced to see their mistake when a preventable IT crisis paralyzes their business.

Freecorder4 is a great way to capture video from online and add it to your iPod, iPhone, Droid or other portable device.  It has a variety of conversion options and is free. Download the browser plugin.

---

If you live in Berkeley, CA and are looking for IT support, talk to the folks at EndSight. They offer an amazing range of IT services and support so you will never have to worry about networking or computer issues in your office again.

We all know that downtime is a bad thing and that as the technology becomes more important to daily life, downtime hurts companies that much more. Downtime can have subtle, difficult to measure effects on sales and productivity.

• Are sales simply re-ordered after downtime, or do customers switch to more dependable company?
• Do employees just do other work during downtime, or does downtime result in lost work, psychological impact, so that it takes longer than the downtime to recover?

But how can you MEASURE the cost to your company so you can plan and budget accordingly? While there are several methods for calculating the cost of downtime, there is a relatively simple formula that most small business owners can use for estimating and planning.

Estimated Average Cost of hour of downtime = Employee Costs per Hour * Fraction Employees Affected by Outage+ Average Revenue per Hour * Fraction Revenue Affected by Outage

Employee Costs per Hour: total salaries and benefits of employees per week divided by the average number of working hours

Average Revenue per Hour: total revenue per week divided by average number of open hours

“Fraction Employees Affected by Outage” and “Fraction Revenue Affected by Outage” are just educated guesses or plausible ranges for estimating

Let’s take an average small business with 20 employees and $5 million per year in revenue. The revenue per hour, assuming 8 hours per day and 5 days per week, would be $2,400. The cost of employees per hour, assuming employee average with benefits at $70,000, would be $675. If an outage impacted 50% of your employees for one hour, then the downtime could be estimated at $1,500 per hour in lost revenue and production.

… but what about the soft cost? These costs are tougher to estimate, but have great impact to your business!

Cost of repair, such as cost of employee overtime or bringing in consultants to resolve the issue

Frequent outages can lead to a loss of confidence in your company, from employees, vendors and customers

The bottom line is that downtime cost real money, either in lost productivity, lost sales, or increased IT expenses. When small businesses include these costs into planning, they are better poised to mitigate the risk.

When I was in college, I had to move every year. I lived in a fraternity house and that really simplified the logistics. Even though I never had to move more than a few doors down the hallway, I still didn’t like it. The idea of a uprooting all of my things, transporting them, and then having to find new places for everything, was a daunting task that stressed me out every time.

As Endsight’s outsourced IT business has grown, we’ve been heavily involved in a staggering number of office moves. Every time, it’s easy to recall the stress I felt as an undergraduate with my mini fridge and futon. Obviously, the client has much more to consider which makes the stress level even greater.

While each employee here at Endsight does what it can to standardize the contribution to an office move, no two office moves are ever the same. Having been through enough of these, I thought it would be helpful to list some of the key advisers and partner/vendor rolls to consider as part of your planning process.
Many of our clients begin the process by seeking out side council from key strategic advisors.

Contemplating an Office Move:

• Commercial Realtor (Help you selected a new location)
• Banker (Help decide the best way to finance the move)
• Accountant (Help you decide if you can afford the move)
• Lawyer (Help you avoid costly legal issues associated with the move)
• Once a location has been selected, there are a number of other partner/vendors to involve in the process.

The New Office:

• General Contractor (Tenant improvements)
• Architect (Make it look fabulous)
• Cable Installer (Network cabling)
• HVAC (Server room)
• Signage (Sign out front, names on the office Doors)

Moving the Office:

• Mover (To get from point A to point B)
• Phone System Support (Take down and set up phones)
• Computer System Support (Take down and set up computer systems)
• Internet and Phone System Connectivity (Connect to the outside world)
• Office Furniture (Acquire new and /or liquidate old)
• Printers, Faxes & Copiers (Often times these are under contract)

Communication:

• Marketing (Promote new location, update Website, send a news letter, and create a promotional item)
• Printed Materials (Letterhead, business cards, marketing collateral)

Most businesses enjoy existing relationships to leverage as part of the planning process. If your company needs help filling in the roster, Endsight can help by facilitating introductions to our network of colleagues. If your small business is planning a move click here. I would be happy to meet in person with you to discuss your plan.

Six Reasons For Not Delaying Critical IT Decisions

As we move into the New Year . . . actually a new decade, many of us throw away our old lists and start new ones. So in that spirit, one such list is something I will call “Six Reasons For Not Delaying Critical IT Decisions” even in the face of today’s economic challenges.

Cost cutting measures can be prudent, or even necessary to survive. But sometimes delays in spending can be shortsighted. Here are 6 reasons to not delay those important upgrades:

Steve Feldman – President, Techcare, LLC

There are many things to take into consideration when selecting a new technology partner.  Information Technology partners will play a major role in how your company access information and what happens in the event of a failure in the system.  Here are a some questions that you MUST ask any managed services company before you enter into contract with them.

1. How long has the partner been in business?
2. How many Clients does the partner serve?
3. Approximately, how many servers are managed? PC’s?
4. Define the core market segment the partner serves?
5. How many total employees?
   • Sales
   • Administration
   • Technical
   • Help Desk / NOC
   • Field
6. Do they use sub contractors?
7. Do they outsource any of their support services?
8. Normal Business Hours?
9. How do they deal with afterhours support?
10. What is the partners privacy policy (technicians will have access to your Clients data)?
11. How is post installation support handled?
12. How is routine security and performance maintenance accomplished?
13. What is monitored and how are alerts handled?
14. How is the system information and firm procedures documented?

These questions will give you a solid start in evaluating their value to your company and their commitment to customer support.  Now that you have those answers,   you need to get a reference list.

1. How many companies were on the list? – (should be at least 10)
2. How many have you called? – (should be at least 3)

---

PC Network Services offers Information Technology support and managed services for small to medium size companies in and around Pittsburgh, PA. They offer an amazing range of services and support so you will never have to worry about networking or computer issues in your office again.