Welcome!
Bullet Points
Understanding Security Bulletins
Learning Guide: Backup Solutions
Security Issues With New PayPass Payment Devices
World Virus Map
Learn How to Secure Your Remote Environment


Limiting Downtime

If there are any topics you would like to see discussed in the future or if you have any comments, please contact me at JoeT@HighCaliber.com

Top

• Understanding Security Bulletins

  Each month, Microsoft releases a set of security bulletins on "Patch Tuesday," along with a technical description of each bulletin. These descriptions can be very technical and long-winded. Randy Franklin Smith's Ultimate Windows Security website provides an explanation and his own personal take on each of the security bulletins soon after they're released. Not only does he mostly de-jargonize the language in the bulletins, he also provides caveats and tips on how to determine whether you need to deploy them based on your particular situation. You can also subscribe to have the assessments sent to you each month via email.

  http://www.wxpnews.com/YWT0CI/060418-Security_Bulletins

  Top

• Learning Guide: Backup Solutions

  This article introduces you to backup, explains best practices and pitfalls to avoid and provides troubleshooting advice:

  Click Here

  Top

• Security Issues With New PayPass Payment Devices

  The Wall Street Journal recently had an article about mostly people in IT, that destroy the RFID chips in their so called PayPass credit cards because hacking is rampant. These RFID cards are called SpeedPass, ExpressPay or Contactless. The cards have an embedded chip with a miniature antenna. When they are activated by a scanner, the chip transmits your account data via radio. By waving your hand the purchase amount is drawn from your account. It is not hard to see how the bad guys would exploit this.

  Devices have cropped up that protect you from RFID thieves, like wallets with metal shields designed to block radio signals. Here is an online shop with RFID-busting products:

  https://shop.foebud.org/index.php/cPath/30

  Top

• World Virus Map

  This interactive map allows you to see virus threats around the world:

  Click Here

  Top

• Learn How to Secure Your Remote Environment

  An increase in telecommuting and the ongoing need for business travel have made small businesses seek ways to accommodate users working offsite. If you have employees working remotely, it’s important to implement the appropriate security solutions and practices. With the right tools and knowledge, you can effectively create a secure remote working environment for your small business.

  Learn More - Click Here

  Top

Limiting Downtime

Downtime is expensive. This is why we recently implemented our new InSite Service Programs which were specifically designed to minimize downtime. Keeping downtime to a minimum requires forethought, preparation, proactivity, practice and vigilance. Here are some ideas on the subject.

Changes, upgrades and patches are one of the most common causes of downtime. This includes both the planned downtime it takes to install the changes and the unplanned downtime when things go wrong. (Most security related problems occur because machines were not properly patched.) Change and patch installation is a process that needs to be standardized, documented and controlled as much as possible. This is why we offer a patch management tool with InSite.

The ability to instantly restore files or to roll back a system to a recent last-known-good state is a powerful tool for minimizing downtime. While they can't replace true backups, such techniques can solve many problems, especially the most common ones. High Caliber has been implementing these systems for clients for some time now.

It is important to think ahead. Creating a Business Continuity Plan that states clear data recovery objectives is a great start. Make sure you prioritize your business-critical applications and plan to restore the most important first. Setting these goals isn't just a matter for the IT department. They should be set by, and bought into by, the entire organization. This not only lets everyone know what to expect, it also makes it easier to invest in needed equipment and training to meet those goals.

Remember to plan carefully. It is impossible to think of every possible contingency ahead of time, but that shouldn't stop you from trying.

Monitor constantly and be proactive. The best way to limit your downtime is to catch problems before you go down. Monitor your system's performance constantly and compare current performance in critical areas to a baseline record. Pay special attention to trends. Often you can spot hardware or software problems early and fix them before they shut you down. InSite Monitoring can provide automatic warning when critical parameters exceed pre-set levels or if an operation needs a large number of re-tries.

Test and drill regularly. Unfortunately, a large number of emergency restores -- something like two-thirds by some estimates -- suffer significant problems or fail entirely. Even something as simple as a misplaced (or worse, mislabeled) tape can add hours to your down time. We are offering an automatic backup across the Internet service which alleviates alot of these problems.

The only way to make sure you can execute your plan is to test it constantly. At the very least, make sure your restoration procedures work by doing test restores and comparing the results with the original files. It's better to test the entire recovery procedure from beginning to end, and best to conduct regular recovery drills to make sure everything works and everyone involved is prepared.

When the system is down you should never have to guess and never have to experiment. Ideally, you should have all the information you need at your fingertips, including all the required procedures to get back up. This should all be filed and cross-indexed, and you should store at least one copy in a separate location other than the original computer. You should also keep a copy of your current documentation offsite.

Among the items you need are the numbers of all the current versions of software and firmware you are using, including patches, complete system configuration information and a duplicate of your tape inventory detailing what is stored on which tapes. It's also a good idea to keep lists of where recovery-related procedures are found in the documentation and current lists of phone numbers for vendor contacts.

Top

Data Protection Services
Disaster Planning
Email Archiving