Blog

GettyImages 505303133

10 Questions Every Company Should Ask Before Outsourcing IT Services

10 questions to ask while considering outsourcing your IT services to a provider.  

Many companies are outsourcing their IT functions due to convenience and budgetary constraints. Small- and medium-size businesses can focus their hiring of staff for their core business, and hire an IT consultant for their expertise and efficiency. However, even with the growth in IT consulting, there are several things you should consider before signing a contract.

Questions for Managed IT Service Providers

It easy to fall prey to assumptions when interviewing consultants to outsource IT services. Packaged services don’t always include additional IT support, management, maintenance and security needed for your business’ network. When agreeing to a contract, look carefully to make sure it contains everything you need. Here are some questions for you to ask when interviewing a new consultant.

1. How do you support security compliance?

Often IT providers support security compliance through their package bundles which include an array of features and components. On this list of features you should see firewall configuration, vulnerability patching, incident response, intrusion detection systems (IDS), demilitarized zones (DMZs), intrusion prevention systems (IPS) and more. These features should be included by default to protect your data and hardware.

Dependent on your industry and client list, you should have a good idea of the level of security necessary for your network to ensure compliance and proper security documentation. Discuss this with any providers you interview to match the level of security needed to protect your business.

2. How do you manage service integration?

In order to stay competitive, your company needs to fine-tune service integration. Standard Information Technology Infrastructure Library (ITIL) capabilities require integration and automation from your IT service provider to minimize errors and provide secure and effective on-demand service delivery.

3. How do you support incremental outsourcing?

In order to reduce risks associated with outsourcing, you can divide the requirements you need into manageable projects. If you provide a specific set of deliverables to your service provider to work with in a trial setting, you can better assess their completion. You have the option of having the work done on your premises or remotely to better prepare for completely outsourcing managed services.

4. Do you provide a service-level agreement (SLA)?

The service-level agreement (SLA) is one of the most important factors in outsourcing IT services. This agreement is where the service provider details the list of support actions they will provide including end-to-end program management and deliverables to your company.

The agreement should lay out how the provider will take on the project from your company, deploy a small remote or on-site team to coordinate and complete the work. Included in the agreement are delivery dates, the effectiveness of the work, surveys to ensuring the quality of service, and timeframes for the availability of services and service request response times.

5. How flexible is the SLA?

Can the provider grow and change as your business does? Changes within your company should be reflected by the services provided for your IT needs. As you grow, your company will hire more people, take on new projects, add new departments and functions, and have a need for scalable IT infrastructure from your IT provider. In fact, your service provider should have expertise in their field that includes the knowledge and experience to custom-fit a scalable infrastructure that you need for your company.

6. What kind of experience do you have?

If you look at managed service providers by price alone, you may find that you don’t get the expertise you need. It’s better to outsource your IT services needs to an expert that’s completed hundreds of projects successfully. Extract the most value from an experienced partner to gain peace of mind over the quality of work completed. Included in the experience is the latest training and tools available to best protect your company’s data.

7. How do you handle IT strategy vs. emergency support?

If your company has a strategic IT strategy, you need a service provider that can act as a partner in this process. Your service provider should be the expert resource to assist in your strategy. If all they do is take orders and offer emergency service, they are not the right fit for your company.

8. Who will govern our IT services?

Your SLA should include an understanding about who will govern and take responsibility for your IT services. By including a foundational governance framework, you will set the tone for future accountability and start with a shared understanding for your team and your provider’s team. This framework determines which entity makes specific decisions to support organizational principles.

9. What is your reporting process?

Formal reporting should be listed in your SLA and include the standard set of reports provided and a timeline for delivery of those reports from the provider. The frequency and scope of the formal reports between the provider and in-house manager should take place according to the schedule. However, many providers offer informal reports as work is completed.

10. How will you adopt new configuration management?

Changes are part and parcel of a business, making managing those changes routine for your IT service provider. For routine changes, your SLA should cover implementation, but if you have a large project then you should discuss management with your provider before implementation. You can initiate a change request to the provider to allow them to complete an analysis of how to proceed. Once the provider has responded with a schedule and any questions they have, you can move forward on the project together. With a system in place to accomplish new projects, it’s easy to maintain proper tracking and logging of work completed.

10 Questions Every Company Should Ask Before Outsourcing IT Services Read More »

ThinkstockPhotos 478884007

Intel Chip Vulnerabilities: What We Know So Far!

What Do We Know About Terminal Fault (L1TF) Chip Vulnerabilities?

L1 Terminal Fault (L1TF

Understanding The L1 Terminal Fault (L1TF)

Intel has recently confirmed L1 Terminal Fault (L1TF) chip vulnerabilities in its processors that can be manipulated by malware and malevolent virtual machines with the intention of stealing private information from a computer’s memory.

Who or What is Vulnerable?

In short, Intel’s desktop, workstation, and server CPUs are exposed. What Intel initially described as impregnatable memory, has been found to have holes. That means sensitive data from other software and other customers’ virtual machines can be stolen from malicious software and guest virtual machines either on a vulnerable device or a cloud platform.

This private information may involve personal and financial accounts, passwords, and encryption keys. Also, they pose a threat to be taken from other customers’ virtual machines, including both System Management Mode (SMM) memory and SGX enclaves.

SGX, made by Intel technology, is intended to guard private information from code geared to peep and pry.

SMM serves as a computer’s clean-up operator.  This is an alternate software system that is usually placed in the computer’s firmware. It also has total control over the computer’s hardware and absolute admittance to all of its data.

Let’s break down the three areas, which Intel has named its L1 Terminal Fault (L1TF) bugs:

CVE-2018-3615

CVE-2018-3615 impacts Software Guard Extensions (SGX). More specifically, Intel says, “Systems with microprocessors utilizing speculative execution and software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via side-channel analysis.” The researching teams who discovered CVE-2018-3615, named the vulnerability, Foreshadow.

The Fix:

Fixing this vulnerability will require the microcode update. To be safe, it is also recommended that you update your operating system and VM hypervisor. The patches should be available now for just about all operating systems.

This bug was discovered by two different groups:

  1. Jo Van Bulck, Frank Piessens, Raoul Strackx from imec-DistriNet – KU Leuven.
  2. Marina Minkin, Mark Silberstein from Technion, Ofir Weisse, Daniel Genkin, Baris Kasikci, Thomas F. Wenisch from The University of Michigan, and Yuval Yarom from University of Adelaide and CSIRO’s Data61.

CVE-2018-3620

According to Intel, “Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and side-channel analysis.” In short, CVE-2018-3620 affects operating systems and SMM.

The Fix:

To fix this, operating system kernels will need to be patched. Also, the SMM needs the microcode update, to be safe.

CVE-2018-3646

Intel states, “Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and side-channel analysis.” CVE-2018-3646 affects hypervisors and virtual machines.

The Fix:

Fixing CVE-2018-3646 will require the microcode, operating system, and hypervisor updates in order to protect your data.

Extra Fix:

The way hypervisor software operates is by allowing virtual machines or processors to be run off shared resources of a physical server. At the same time, they use multi-threading – a technique by which a single set of code can be used by several processors at different stages of implementation. Intel calls this Hyperthreading, and it can split one of its cores to act like two separate processors of the multi-core CPU for the hypervisor. This technique creates what Intel calls “sibling threads.”

Since these threads share a pool of L1 cache memory attached to the core, a malicious guest, on one of the virtual processors, could manipulate the third variant of the L1 Terminal Fault and get data used by the other sibling thread.

Even though the virtual processor will recognize this and deny the request of the hacker, if the data is in the cache at the same time, it can be revealed to the hacker.

Both CVE-2018-3620 and CVE-2018-3646 were discovered by Intel’s engineers after the university researchers who discovered “Foreshadow” informed Intel about CVE-2018-3615, the SGX issue.

The Ultimate Fix

The real fix to all these problems will be made by replacing the processors. As Intel stated, when addressing L1TF, “These changes begin with our next-generation Intel Xeon Scalable processors (code-named Cascade Lake), as well as new client processors expected to launch later this year.”

For now, the best advice is to keep patching and be aware of any changes you see in the area of performance and speed with the patches.

Intel Chip Vulnerabilities: What We Know So Far! Read More »

ThinkstockPhotos 531468700

The 10 Most Secure & Insecure Airports For WiFi In The United States

Is It Safe For Me To Use The Airport’s Public Wi-Fi When I Travel?

Safe Wifi Airport

Most airports around the U.S. and abroad provide free Wi-Fi service to travelers stranded in their terminals, waiting for their flights. While this service may appear to be generous, a recent study by Coronet, a cybersecurity company, suggests you might want to think twice before connecting to the airport’s Wi-Fi.

According to Coronet’s findings, most airport public networks are unencrypted, insecure, or improperly configured. Hackers, therefore, have easy access to devices connected to the networks and they can potentially steal your personal data.

What Can Hackers Take?

Most public connections are either unsecured or require shared passwords. Hackers want to get between you and the websites you visit in order to look at your information. They do this with little effort on public Wi-Fi networks.

A weak network makes it easy for a hacker to gain access credentials to cloud apps, such as Microsoft Office 365, G-Suite, Dropbox, and iCloud. They can send malware to your device and the cloud, as well as breach your various forms of infrastructures. Although it’s not horribly difficult to cancel and replace credit cards and void unauthorized transactions, once passwords and business digital frames are exploited, it’s incredibly challenging to recuperate complete control over them.

How Were These Findings Conducted?

Coronet revealed which airports have the most vulnerable networks. They came up with a ranking system of airports by their threat level. Coronet amassed data from more than 250,000 consumer and corporate endpoints over a 5-month period that went through the 45 busiest US airports. They gave each of the airports a threat index score after assessing the vulnerability of the traveler’s devices who used the airport’s network.

“Far too many U.S. airports have sacrificed the security of their Wi-Fi networks for consumer convenience. As a result, business travelers, in particular, put not just their devices, but their company’s entire digital infrastructure at risk every time they connect to Wi-Fi that is unencrypted, unsecured, or improperly configured. Until such time when airports take responsibility and improve their cybersecurity posture, the accountability is on each individual flyer to be aware of the risks and take the appropriate steps to minimize the danger.” – Dror Liwer, Coronet’s founder and CISO

Top 10 Most Cyber Vulnerable Airports:

  1. Boston Logan International Airport
  2. Detroit Metropolitan Wayne County Airport
  3. Charlotte Douglas International Airport
  4. Phoenix Sky Harbor International Airport
  5. Dallas Love Field
  6. Newark Liberty International Airport
  7. Southwest Florida International Airport
  8. William P. Houston Hobby Airport
  9. John Wayne Airport-Orange County Airport
  10. San Diego International Airport

How Did The Hackers Specifically Get Traveler’s Information?

In its report, Coronet revealed some specific ways in which hackers were able to infiltrate the airport’s network and steal people’s information. In the worst rated airport, the data revealed that hackers in San Diego set up an “Evil Twin” hotspot with the name “#SANfreewifi” at the airport to trick users into connecting to it. This allowed them to have access to all of the files that the victims downloaded or uploaded while they were connected. Similarly, at Houston’s William P. Hobby Airport, which was rated third weakest, hackers created a network named “SouthwestWiFi.”

Top 10 least vulnerable airports:

  1. Chicago-Midway International Airport
  2. Raleigh Durham International Airport
  3. Nashville International Airport
  4. Washington Dulles International Airport
  5. San Antonio International Airport
  6. Louis Armstrong New Orleans International Airport
  7. Kansas City International Airport
  8. Lambert St. Louis International Airport
  9. Miami International Airport
  10. Tampa International Airport

How Do I Prevent Hackers from Attacking Me?

You don’t have to stop using public Wi-Fi for the rest of your life, and it’s not exclusively the airport’s fault. Let’s look at an easy solution to protect you from the majority of hackers.

Make Passwords Stronger

You have the ability to turn on two-factor authentication for all your web services. How this works is when you try to login to a website, the website will text message your phone with a code that you’ll enter into the site in addition to your password.

Even if a hacker has your password, they won’t have your phone — which makes it much harder for them to log in to your account.

Use a VPN

A VPN (virtual private network) is a secure and private solution within the wider internet itself that allows you to send and receive data while maintaining the secrecy of a private network.

If you access your data remotely via a VPN connection when you use public Wi-Fi, it can protect data from interception and networks from compromise.

Stay Vigilant

Most importantly, remember to always be alert and use caution when browsing the internet. In your browser, block cookies and remove tracking. Avoid unsafe or untrusted software recommendations. And lastly, avoid suspicious links in your inbox or on your social media feeds.

The 10 Most Secure & Insecure Airports For WiFi In The United States Read More »

ThinkstockPhotos 841526196

Top 10 Laptops Of 2018

What Are The 10 Top Laptops of 2018?

One does not just walk into a store and purchase the first laptop he sees these days; they’re a pretty big investment! Everyone wants to get all the great features they have in mind with their purchase. Laptops have become somewhat of an extension of who we are. They say a lot about us. Everyone knows the stereotype of the young male Mac Book user.

Top 10 Laptops of 2018

Today’s laptop industry is jam-packed with impressive models, and if you’re of the notion that laptops make the world go ‘round, you’d do well to spend some time on your research before committing to just one. If it sounds like we’re talking about a committed relationship like between two people, we’re not! Your relationship with your laptop is much more important!

Brands like Apple, Dell, and Lenovo are at the top of their game, and with so many other great options to choose from, laptop shoppers certainly have their work cut out for them. We’ve rounded up the best of the year, measuring everything from portability to design and, of course, performance.

Here are our picks for the 10 most worthy laptops of 2018.

Number One: Dell Latitude 7390 2-in-1

Dell’s Latitude models have always given the industry’s top laptops a run for their money. The Latitude 7390 2-in-1 is more of the same, only slightly better with the addition of a few new features, such as Microsoft’s Precision Touchpad. In addition to features like Windows Hello facial recognition, and other security upgrades, a major perk of the new model is its portability. Weighing in at just three pounds, it’s easy to tote around, especially with its 2-in-1 convertibility. It also comes complete with a backlit keyboard with deep keys for comfortable typing.

Number Two: Apple MacBook Pro

Mac users are loyal and with good reason. The Apple MacBook Pro, for instance, is one of the best money can buy, and worth every penny if performance ranks high in your list of must-have qualities for a laptop. The newest version boasts plenty of updates to keep things interesting, including a Touch Bar and capabilities for 32 GB of RAM, a significant bump from the previous max of 16 GB. Inside you’ll find an eighth-gen Intel Core professor for plenty of power and a third-generation butterfly keyboard. All-in-all, the MacBook Pro is a hearty contender for best laptop of the year.

Number Three: LG Gram

LG’s new update to its well-received Gram notebook has a lot of things going for it. There is the portability factor for one, as it packs a mighty punch in a relatively small package, weighing in at just 2.1 pounds. This laptop is also durable, as it’s made from metal alloy, and has met military-grade requirements for drop protection. Inside, you’ll find a hearty 72WHr battery good for a whopping 22.5 hours of usage, plus an Intel Core processor from the eight-gen U series. Other features include a fingerprint reader and multiple ports, including HDMI and microSD.

Number Four: Dell XPS 13

The XPS 13 is Dell’s first full redesign in about three years, and it’s nothing short of awesome. In addition to major improvements on things like power, durability, and portability, this laptop also has style. Stain resistant, UV resistant woven glass fiber adorns the XPS13, and inside you’ll find an Intel eighth-gen Core processor. Included is a high-performing battery good for up to 20 hours of usage. There’s truly not much you won’t be able to do with this by your side.

Number Five: Lenovo Yoga 920 (14)

Lenovo’s Yoga 920 laptop is superior to others in its class for several reasons. The 920 boasts cool features like long-range voice-activated support, an optional pen with pinpoint accuracy, and a brilliant 4K display ideal for entertainment. Incredible responsiveness, Windows Ink, and access to Windows Cortana (the electronic assistant) leaves little room for worry if you’re always on the go.

Number Six: HP EliteBook x360 1030

HP’s third-generation EliteBook x360 1030 is impressive in both design and performance. This notebook was reduced in size for convenience, and it’s loaded with other features that strive for the same. It’s lightweight at 2.76 pounds and comes equipped with a powerful eighth-gen Intel processor, along with 18 hours of battery life. It also offers the option of LTE connectivity so you can get things done even without Wi-Fi.

Number Seven: Asus ZenBook Flip S UX370

The ZenBook Flip S UX370 is not your ordinary 2-in-1 laptop. It’s ultra-thin and lightweight, with powerful components that can tackle most things with ease. Within you’ll find a new Kaby Lake R eighth-gen processor, more than enough RAM and a variety of other features bound to delight users, including a fingerprint magnet. If power is what you want, Asus brought the goods.

Number Eight: Lenovo IdeaPad Miix 520

The 2-in-1 laptop/tablet hybrid is growing in popularity, and IdeaPad’s Miix 520 is one of the best of the bunch. Not only is it affordable, but it’s got power by way of its eighth-generation Core i5 CPU, which is still more powerful than some with Core i7 capabilities. And while its battery life could use some improvement, overall, the IdeaPad Miix 520 is a suitable choice for those seeking a 2-in-1 with major potential.

Number Nine: Huawei MateBook X Pro

Huawei is a lesser known brand in the laptop world, but that doesn’t make the MateBook X Pro any less spectacular. This 13.9-inch model is equipped with an eighth-generation Intel Core i5 – i7, and carries with it an excellent battery life. A rich display and sleek design overall render the MateBook X Pro one of our favorites, and with a moderate price point, it’s within reach for many.

Number Ten: HP EliteBook 1050

The EliteBook 1050 is the first 15-inch in the Elite 1000 series, and it takes complete advantage of its size. Its display can reach up to 650 nits of brightness, and it also comes with an integrated privacy screen. It’s up to par on performance, with Intel’s eighth-generation H series processor, and a capacity for 32 GB of RAM. Its battery life is nothing to scoff at either. The EliteBook is good for 16 hours on a single charge, rounding out the benefits of this notable laptop.

Top 10 Laptops Of 2018 Read More »

Tips To Have Microsoft Outlook Play By The Rules

Using Rules To Organize Your Outlook 2016 Inbox

The purpose of Rules in Microsoft Outlook is to help you organize your email and receive updates if items are changed. Rules can save you time, keep on top of high priority tasks, and reduce the clutter of your Outlook inbox – if you know how to use the Rules Wizard correctly.

Basics of Outlook Email Rules

To set up a Rule, you first select the condition(s) that the email must meet (e.g., certain words in the subject line or from a particular sender), then indicate what you want to have happen when an email meets those conditions (e.g., place in a certain folder or provide an alert). It helps if you think about how you process your email. For example, you get various emails about a certain project, so you place those in a folder for that project. The condition would be that the subject line contains that project name in it, and the action would be moving it to a certain folder.

Creating a Simple Rule

Let’s create a simple rule that takes all emails with a subject line that contains the word “Proposal” and moves them to a folder in the “Smith Account.” Begin by right-clicking on a message in your Inbox. In the list that appears, select Rules>Create Rules. This will open up the Create Rules dialog box.

The Create Rules dialog box is fairly straightforward to use. The first section of the dialog box deals with the rule conditions. Check the Box beside Under Subject Contains, then type Proposal in the text box next to it. That indicates the rule is to apply to all emails whose subject contains the word Proposal. Then, moving down further in the dialog box, check the box next to Move the Item to Folder. A list of available folders pops up. Select the Smith Account folder (note you can create a new folder if needed by clicking on the New button), and click Ok. Smith Account will now appear next to the words Move Item to Folder. Next, click on OK to create this rule.

Another dialog box pops up to let you know the rule has been created. Notice there is a checkbox that says Run this rule now on messages already in the current folder. If you check that box and click OK, this allows the rule to immediately be put to use on existing emails. Otherwise, it will wait until new email messages come in.

For email rules, conditions can include sender, text that appears in the subject line, or who the email was sent to. When an email meets the conditions, then you can choose what happens next.

Available options for what happens in a simple email rule like the one we just created include the following:

  • Display in the New Item Alert Window
  • Play a Selected Sound
  • Move the Item to a Folder

Using Rule Templates

You can access templates for Rules by going to File>Manage Rules and Alerts>New Rule. Here the Rules Wizard gives you access to templates organized under three categories: Stay Organized, Stay Up to Date, and Start from a blank rule.

Under Stay Organized, there are templates for the following:

  • Move messages from someone to a folder
  • Move messages with specific words in the subject to a folder
  • Move messages sent to a public group to a folder
  • Flag messages from someone for follow-up
  • Move items from a specific RSS Feed to a folder

Under Stay Up to Date, here are your options:

  • Display mail from someone in the New Items Alert Window
  • Play a sound when I get messages from someone
  • Send an alert to my mobile device when I get messages from someone

Let’s run through a quick example using a Rules template. We will create a rule that flags messages from a certain person for follow-up. Note that this can be applied to an email from people or from public groups. Begin by going to File>Manage Rules and Alerts>New Rule. This will start the Rules Wizard. Under Step 1, go to Stay Organized, select Flag messages from someone for follow-up.

At the bottom of the Rules Wizard, you will see Step 2. Here, you will edit the rule description to meet your needs. Anything underlined in blue can be edited. In the case of a move messages rule, you should see something like this under Step 2:

Apply this rule after the message arrives
from people or public groups and
flag message for follow up at this time

If you click on people or public groups, then you will be provided with a list of people or public groups to choose from. Clicking on follow up at this time will open up flagging options. These include what type of flag to apply (e.g., Follow Up, For You Information, Forward, etc.) and when it needs to be completed (e.g, Today, Tomorrow, This Week, Next Week, No Date, Complete). Once you’ve edited the rule description to meet your needs, click on Next.

This takes you to some additional options for refining the rule, such as requiring that certain words be in the subject or that the email comes through a specific account. Clicking on Next allows you to add exceptions to the rules, such as making an exception for emails sent from a public group or that you have been CC’ed on.

Clicking Next again allows you to name your rule and choose from a few more rule options that are presented next to checkboxes. These rule options are as follows:

  • Run this rule now on messages already in Inbox
  • Turn on this rule
  • Create this rule on all accounts (this only appears if you have multiple accounts)

Once you’ve made the modifications you need, click on Finish. Outlook will provide you with a message to let you know if the rule is only run when Outlook is open. Click on OK, and everything will be set up.

Conclusion

Taking the time to think through how you process email helps you gain control of your Outlook 2016 inbox. Remember that the rules can be as simple or complex as you want them to be. If you don’t know where to start, then use one of the Rule Templates. Templates simplify the Outlook Rules Wizard process so you can get familiar with how it works.

Tips To Have Microsoft Outlook Play By The Rules Read More »

Call Now Button