Archives for October 2011

Protecting your wireless network


Why wireless security?
When you have a wireless network, you need to make sure it’s kept secure. An unencrypted network presents the potential for security breaches.


Wireless technologies that provide long-range connectivity can’t be contained within an office. When you use a network that’s not secure, hackers could potentially “capture” the information you’re sending back and forth. This means passwords, records, and more.

Isn’t my network already secure?
With some older wireless technologies, like Bluetooth, access is limited by physical proximity to the corporate network. However, wireless technologies that provide long-range connectivity, such as 802.11n, can’t be contained within an office space. That means anyone within range of a non-secure network can gain access.

What happens if I don’t secure my network? 
It may seem harmless to offer your network’s access to outside users, but it’s more than just letting people surf the Internet for free or accidentally send print jobs to your printer. There are actual hazards:

  • Breach of privacy: When you use the Internet, you are sending “packets” of information back and forth. Hackers could potentially capture and open these packets. This means access to passwords, financial records, customer information, private data, and more.
  • Slower access: Additional users on your network, especially those who may be downloading and uploading content, will slow down Internet access for all users.
  • Illegal traffic: Unwanted users may access your network for illegal Internet activity. If this happens, you may be caught up in any legal action taken.
  • Data usage overages: Many ISPs limit your monthly data usage. Unwanted users can cause your account to be in violation of those limits.

Basic wireless security: Encryption
When it comes to wireless security, encrypting your network is the most important security measure—it also may be the only measure you need. Whether sending confidential documents to the Internet or to your printer, encryption will scramble this information to outsiders.

What is encryption?
All of your wireless devices, including wireless printers, connect to your computer through your wireless router. When you encrypt your network, the information transmitted to and from your router is scrambled, making your network’s information unreadable to outsiders.

How do I encrypt my network?
Encryption means creating a difficult network password, also known as an encryption code or passphrase. Note that there are many methods of encryption, though not all of them are secure.

Read on to learn which encryption methods are secure and how to create a strong password.

Types of encryption
There are many methods of encryption, though not all of them are secure.

  • WEP (Wired Equivalency Privacy)
    This basic level of encryption isn’t considered secure. Because some older wireless printers only support WEP, you may have to choose between lowering the level of security for your entire network to WEP and connecting your printer using an Ethernet or USB cable.

    You might also consider upgrading your printer. Remember, though, while using WEP is not encouraged, WEP encryption is better than no encryption.

    To create a WEP password: Make a case-sensitive password using 10-58 digits (use the numbers 0-9 and the letters A-F).

  • WPA and WPA2 (Wi-Fi Protected Access)
    Created in response to WEP’s weaknesses, WPA and WPA2 are the preferred methods of encryption, which use passwords and passphrases. What’s the difference?

    password is generally one grouping of letters, numbers, and/or punctuation without spaces. Example: p@ssw0rrd

    A passphrase is a string of grouped letters, numbers, and/or punctuation (almost like a sentence), including spaces, longer than anyone could reasonably remember. Example: +hI$ 1s An 3xAmpLe 0F @ Ba$iC pa$sPhRa$3!

    To create a WPA or WPA2 password or passphrase: Make a case-sensitive password using at least 13 characters, including upper- and lowercase letters, punctuation, and numbers. If using a passphrase, include spaces.

    Tip: By including spaces, a passphrase is much harder to break than a password. There are many online sites that can generate random passwords for you.

Reprinted with permission from the HP Small Business Center


Ensure the Availability of Critical Applications in a Virtual Environment


A recent high-profile cloud computing outage that temporarily knocked out a number of popular websites served as a reminder that, while cloud outages are rare, they can happen. Although service was restored for many of the sites later the same day, the incident “sent a chill” through the cloud community, according to one analyst. ¹


The outage also underscored many of the findings of the most recent Symantec Disaster Recovery Study, which found that, for today’s organizations, the growing challenge of managing disparate physical, virtual, and cloud resources is adding more complexity to their environments and leaving business-critical applications and data unprotected.

Continue reading to learn about the specific management challenges posed by virtualization and the cloud and the steps your organization can take to help reduce downtime.

Too many tools, not enough protection
The Symantec survey, which polled more than 1,700 IT managers in large organizations across 18 countries, provides ample evidence that virtual systems are not being properly protected. And this comes at a time when respondents reported that between one-fourth and one-third of all applications are in virtual environments.

For example, the survey found that nearly half of the data on virtual systems is not regularly backed up, and only one in five respondents use replication and failover technologies to protect their virtual environments. Respondents also indicated that 60% of virtual servers are not covered in current disaster recovery plans. That’s up significantly from 45% reported by respondents in 2009.

Another key finding: Using multiple tools to manage and protect applications and data that reside in virtual environments causes major headaches for data center managers. In particular, nearly 60% of respondents who encountered problems protecting business-critical applications in physical and virtual environments said this was a major challenge for their organization. As one data center manager for an automotive company put it: “If I knew of a tool that would do everything for us, I’d be happy to take a look at it.”

Approximately two-thirds of the respondents said security was their main concern about putting applications in the cloud. However, the biggest challenge respondents face when implementing cloud computing or cloud storage is the ability to control failovers and make resources highly available.

Best practices to reduce downtime
Symantec believes data center managers should simplify and standardize as much as possible so they can focus on fundamental best practices that help protect critical applications and reduce downtime:

  • Treat all environments the same. Ensure that business-critical data and applications are treated the same across environments (virtual, cloud, physical) in terms of DR assessments and planning.

  • Use integrated tool sets. Using fewer tools to manage physical, virtual, and cloud environments will help organizations save time and training costs and help them to better automate processes.

  • Simplify data protection processes. Embrace low-impact backup methods and deduplication to ensure that business-critical data in virtual environments is backed up and efficiently replicated off campus.

  • Plan and automate to minimize downtime. Prioritize planning activities and tools that automate and perform processes that minimize downtime during system upgrades.

  • Identify issues earlier. Implement solutions that detect issues, reduce downtime, and recover faster to be more in line with expectations.

  • Don’t cut corners. Organizations should implement basic technologies and processes that protect in case of an outage, and not take shortcuts that will have disastrous consequences.

Why you need to monitor the health of an application
When it comes to ensuring the high availability of business-critical applications, today’s IT organizations have little margin for error. Recent research illuminates the extremely tight parameters that businesses are working with. According to a report by the Enterprise Strategy Group, respondents said their organizations would suffer “significant revenue loss or other adverse business impact” if their business-critical applications were unavailable for anything from no time up to 1 hour. ²

Of course, ensuring the availability of business-critical applications means more than just ensuring that the virtual machine is running. Just because the virtual machine is available doesn’t mean the application is running properly. While VMware HA provides a robust mechanism to detect failures of infrastructure components, there’s still the question of monitoring the health of an application running within a virtual machine.

Symantec has extensive experience monitoring an application’s state and reacting accordingly in the event of an application failure. ApplicationHA, Symantec’s high availability solution for VMware virtual environments, provides application visibility and control while monitoring the health of an application running within a virtual machine.

The latest release of ApplicationHA enables administrators to monitor the health of hundreds of applications, at once, across their VMware environment via a dashboard.

At the same time, ApplicationHA’s deep integration with VMware vCenter Site Recovery Manager helps organizations address the challenges of traditional disaster recovery so that they can meet their Recovery Time Objectives, Recovery Point Objectives, and compliance requirements. With Application HA and Site Recovery Manager, organizations can quickly manage failover from their production datacenters to disaster recovery sites and ensure their applications are running in the event of a disaster.

As more and more IT organizations adopt new technologies such as virtualization and cloud computing to reduce costs and enhance disaster recovery efforts, they’re adding more complexity to their environments and leaving business-critical applications unprotected. These organizations should strongly consider adopting tools that provide a holistic solution across all environments. Data center managers could then focus on fundamental best practices to help reduce downtime.

To learn more, view the Symantec webcast, “Virtualize Business Critical Applications with Confidence Using ApplicationHA.”

Used with permission from Symantec

¹ “Amazon gets ‘black eye’ from cloud outage,” Computerworld, April 21, 2011
² “2010 Data Protection Trends,” Enterprise Strategy Group, April 2010


5 ways to win the PC security battle

Yes, as you’ve doubtless heard umpteen times, even the smallest business is vulnerable to a PC or network security breach. But you can find some peace of mind simply by taking some preventive measures. Better yet, by taking action before an incident occurs.

IT consultants believe that the most effective data security policies are those that treat security not just as an IT problem but as an underlying business process. What good are firewalls, for example, if you don’t have a way for trusted business partners to access your network from a remote location? How effective is a software patch management service if telecommuting employees who are rarely in the office aren’t encouraged (or forced) to update?

Step one for any security strategy means getting your entire organization involved in the discussion. If you’re an IT type, find yourself a champion who has line-of-business responsibilities; someone who understands your company’s customers. If you know very little about technology but want to protect your company’s most precious intellectual property assets, find someone who can approach the problem both tactically and strategically.

“You can’t just put locks on the windows,” says Rory Sanchez, president of SLPowers, a security consulting services provider in West Palm Beach, Fla. “You need locks on the doors, bars around the windows, a dog in the yard. And, just in case, you need a shotgun by the bed.”

Five questions to guide your security soul-searching

Before his company even thinks about recommending specific products, it focuses on understanding potential customers’ business concerns, says Ralph Figueiredo, director of sales and business development for Aurora Enterprises, a data security consultant in Torrance, Calif., says.

Here are five questions that Figueiredo requires his sales team to ask business prospects. They may help to provide a logical framework for your own security soul-searching.

1. Who are your customers and business partners?

For Figueiredo, this question serves two main purposes. First, it helps him understand which data is most critical. For a services company like Aurora Enterprises, customer records are its most valuable assets. A manufacturing organization, however, might be more concerned about safeguarding certain pieces of intellectual property or product information. By asking about business partners, Aurora can determine how “virtual” a company’s business operations are. If a company relies on a large number of subcontractors who need network access to confidential information, the security architecture will take on a different shape.

2. How do you communicate information with customers and business partners?

This question helps gauge the sophistication of a company’s IT operations as well as the flow of information throughout an organization. Are communications mainly relegated to e-mail exchanges? Or do customers and partners interact through online portals that require a password for entry? If so, what information is created and kept there?

3. Is your business in a regulated industry?

The ramifications of a breach of security are more severe for some business segments than others. In certain states, such as California, certain types of companies are required to disclose certain sorts of security breaches publicly. Figueiredo says most businesses are understandably eager to avoid this sort of publicity. “No company of any size can afford for 25% of their customers to go elsewhere,” he says.

4. Does your company currently subscribe to a policy for physical/facilities security or any other access control guidelines?

The moment you block access to information, you have to list exceptions to the rule. If a small business has already considered a system for controlling physical access at its sites, this can serve as the foundation for a data security project. Your facilities manager (if this isn’t you) can help identify pitfalls and benefits that may help better make your case with those within your company who may need extra convincing on the budget side.

5. Do you know where confidential data is stored?

In the past year, we’ve all read countless examples of respected companies who deployed extensive network security strategies, only to have valuable records walk away via lost or stolen notebook computers loaded with unauthorized information. This is, in part, an access-control problem. It also suggests a need for better data management policies, the foundation for any workable security plan.

Five ways to be proactive

1. Make sure hardware — especially firewalls, networks and IP telephone systems — is configured properly.

At a minimum, invest in a firewall and antivirus software that stops viruses at the gateway into the network.

How many times have you heard about an insecure wireless network that was secured simply by readjusting or turning on the basic settings? The same goes for setting up network servers and firewalls: Hire a technical person who can install them properly.

“A lot of security simply has to do with proper configuration,” says Alex Zaltsman, partner and cofounder of Exigent Technologies, an IT consulting firm in Morristown, N.J.

“I think security concerns need to be part of every project you do in technology,” echoes Kevin Geiger, manager of network integration for Acropolis Technology Group, another IT consulting services company in Wood River, Ill.

Acropolis offers a managed maintenance and monitoring service that does just this behind the scenes, keeping track of changes to all devices across the network including servers, desktops and laptops, and making sure updates for firewalls are handled promptly. The updates are tested in a lab setting before being dispatched at a client site, and changes are made at night so there is a minimal impact on the company’s day-to-day operations.

Security breaches are easier to track this way. Consider the case of one Acropolis client who had his laptop swiped. Because the laptop could be monitored from a remote location using Acropolis’s service, law enforcement officials were able to trace the alleged thief when he logged on to the Internet using the stolen computer. Kind of like the LoJack system for cars. “It’s now possible to offer small businesses something that rivals what larger companies have,” Geiger says.

2. Standardize your operating system.

It’s simpler to manage your desktops and servers if they all have the same basic profile and software, rather than trying to keep up with a hodge-podge of different versions.

Zaltsman says it’s less important to have the latest operating system, but it is vitally important that the operating system being run by a small business be supported by the manufacturer. “For small businesses, as a matter of practicality, Windows is really the easiest thing to maintain and secure. Having a qualified person work on it is really the best way to secure it,” he says.

3. Invest in ongoing patch management procedures.

Of course, widely used operating systems are also those targeted most often by hackers who want to compromise your data security, infect your systems with all manner of malware such as viruses or spyware programs that capture information, or barrage your company with spam. Windows XP and Vista, by virtue of their installed base, are probably the most widely targeted operating systems.

No doubt, Windows 7 will be an attractive target for hackers. But Microsoft went to great effort to build security features into the new operating system.The company also offers a range of tools to protect your computers and network against the latest security threats.

4. Consider using “hosted” applications.

Although this option isn’t necessarily for everyone, some small businesses are exploring the notion of making data storage-and by extension data security-someone else’s problem by using application services and keeping software off their desktops. One example is e-mail. About 44 percent of small- and mid-size businesses handle messaging via a service, rather than their own server. Likewise, about 40 percent use a software service for customer relationship management, according to statistics from Forrester Research.

More software vendors, including Microsoft, now offer their applications as subscription services rather than packages you load onto your computer. “By opting for a service, you are offloading some of the risks,” says Geiger. “In theory, these services have all the right stuff on the back end to be hosted securely.”

5. Adopt an integrated approach to security technology instead of trying to plug holes one at a time.

Even if you can’t invest in security products you’d like, it’s best to consider individual components that work together well-from firewalls, encryption software and antivirus services to spam filters. That way, as you add different features over time, they won’t mess up what’s already installed. Those in the IT industry refer to this philosophy as unified-threat management. “When we recommend security products, we talk about a platform approach and we try to recommend things that work together,” says Figueiredo.

One example is data encryption, which can be handled at many different junctures: in e-mail, on servers, on desktop and laptop hard drives. If a company invests in different point solutions to handle each piece, its overall protection will likely be less effective than if it had considered technology that addressed these problems in an integrated fashion.

Reprinted with permission from the Microsoft Small Business Center by Heather Clancy


HP to Keep PC Division

Continued combination of HP and its Personal Systems Group expected to deliver greater customer and shareholder value

PALO ALTO, Calif., Oct. 27, 2011

HP today announced that it has completed its evaluation of strategic alternatives for its Personal Systems Group (PSG) and has decided the unit will remain part of the company.

“HP objectively evaluated the strategic, financial and operational impact of spinning off PSG. It’s clear after our analysis that keeping PSG within HP is right for customers and partners, right for shareholders, and right for employees,” said Meg Whitman, HP president and chief executive officer. “HP is committed to PSG, and together we are stronger.”

The strategic review involved subject matter experts from across the businesses and functions. The data-driven evaluation revealed the depth of the integration that has occurred across key operations such as supply chain, IT and procurement. It also detailed the significant extent to which PSG contributes to HP’s solutions portfolio and overall brand value. Finally, it also showed that the cost to recreate these in a standalone company outweighed any benefits of separation.

The outcome of this exercise reaffirms HP’s model and the value for its customers and shareholders. PSG is a key component of HP’s strategy to deliver higher value, lasting relationships with consumers, small- and medium-sized businesses and enterprise customers. The HP board of directors is confident that PSG can drive profitable growth as part of the larger entity and accelerate solutions from other parts of HP’s business.

PSG has a history of innovation and technological leadership as well as an established record of industry-leading profitability. It is the No. 1 manufacturer of personal computers in the world with revenues totaling $40.7 billion for fiscal year 2010.

“As part of HP, PSG will continue to give customers and partners the advantages of product innovation and global scale across the industry’s broadest portfolio of PCs, workstations and more,” said Todd Bradley, executive vice president, Personal Systems Group, HP. “We intend to make the leading PC business in the world even better.”

More information is available at


IT Channel Perspectives: Meet CompTIA Member Steve Harper

CompTIA member Steve Harper is president and CEO ofNetwork Management Group Inc. (NMGI) , a managed services provider and consulting business based in Hutchinson, Kansas. He is a long-time contributor to CompTIA and has been with the association in a number of leadership and support roles over the years, including an appointment to the Board of Directors.

Harper is always willing to share his IT channel experience and expertise with peers, vendors and distributors. He has served on advisory boards for several technology companies, including: IBM, Compaq, HP, Toshiba, 3Com, McAfee, Entre, Intelligent Electronics and Ingram Micro. His straightforward feedback and suggestions are likely responsible for many channel program improvements over the years.

With an undergraduate degree in accounting from Wichita State University and 10 years of experience in commercial banking, he has been able to master both the financial and technology sides of his business. With that unique perspective on the industry and his philanthropic nature (United Way, Boy Scouts of America, etc.), Steve Harper is someone that many people count on.

Want to learn more about Harper and get some valuable advice on improving your business? Then check out the video of our discussion from CompTIA Breakaway.

Origianally posted on the CompTIA blog. Click here to see the original post.


An Enlightened Approach to Practice Growth

A new e-book available for free download

Article by Rick Solomon



Tapping into the human side of the equation for practice growth and success is undoubtedly the next frontier for our profession. It’s absolutely necessary to evolve our practices into the future. We’re not talking about a better marketing plan or a new strategy, but rather a true game changer. We have tremendous potential for success, and yet we ourselves are the biggest obstacles to that success. Removing these hidden barriers, as a growing number of accountants are beginning to demonstrate, opens up worlds of possibilities for success, abundance and enjoyment well beyond what many might even consider possible.


When it comes to growing a practice, I’ve long held the view that most firms are unaware of, or fail to address, the single most important growth factor.  This missing factor is why so many firms struggle with growth, while the few firms that have figured it out enjoy healthy growth with little effort. Just imagine if a single factor was removed from an algebraic equation. No matter how much time you spend trying to solve it, or how hard you work at it, or how much outside help you have, you won’t solve it. That’s because if a factor is missing, it’s unsolvable.  So it is with practice growth.

There’s no shortage of resources, trainings, marketing consultants, and the like to help firms grow, some of which is quite good. We’re always looking for the next great thing to achieve growth. And yet, in the search for the best solutions, most tend to overlook the single most important growth factor, the one closest to us. It’s the “Human Factor”.

Virtually every person in a firm has an untapped potential for playing a meaningful role in the firm’s growth. While external solutions certainly play a role, by far the greatest results are achieved by tending to the human factor. In my experience as a practice growth advisor, it became clear to me that how an individual views practice growth, their beliefs about themselves and what it takes to succeed at it, has a far greater impact on their results than anything else. Helping them let go of these self limiting beliefs frees them to achieve more, with less effort.

Inspired by these findings, I set out to find a way to apply this understanding to firms on a larger scale. Starting with a small group of accountants, I organized an experiment to explore what was possible with a concentrated group focus on this human factor. The experiment, which later evolved into an ongoing program, demonstrated beyond a doubt that when we get out of our own way we can create extraordinary results for our clients and our firm, and do so with less effort.

The results of this experiment, and the principles upon which it was formed have just been published in an e-book that is available online for immediate access, at no cost.

This e-book describes foundational truths and principles that you can apply in your own firm. It also includes five case studies about how different accountants in very different situations experienced remarkable results by ridding themselves of their self-limiting beliefs, and a video interview and other resources. Implementing even a small portion of what you’ll read or hear could have a huge impact on your practice.

As a growing number of accountants are beginning to learn, never believe in anything that limits you.

Enjoy the journey!