Important Bulletin – DNS Infection Could Break Your Internet

Last November, an Estonian hacker ring that infected millions of computers through malware-laded servers was successfully disbanded by the FBI in Operation Ghost Click – Read the CNN article here if you’re unfamiliar with this story. Since 2007 the hackers had been redirecting and infecting computers all around the globe.

How did they do it? They used a type of malware exploit that allowed them to redirect internet links to fraudulent sites. When computers are on the internet, they use a DNS (or domain name system) to convert friendly names, like www.mysherpa.com, to a numerical link. This numerical link allows computers to talk to each other across the web. The hackers exploited this conversion and forced many unsuspecting computers to redirect to their infected sites. It worked because it appeared to operate as a legitimate business, when in fact, it was using computers to complete fraudulent transaction on infected servers.

Since the sting, the FBI have taken measures to minimize the effects of the malware on users who were unaware of the infection, however a court order to keep the “cleaned” servers (replaced after the hackers were arrested) will be expiring on July 9^th, 2012. What does that mean for you? It means that if you are still infected, your computer will still direct to the “bad” server address, and since the server will no longer be live, you will potentially be blocked from any internet access from any machine that is infected. Luckily, there’s a simple way to know for sure before the deadline.

In order to help users who may still be infected, U.S. authorities have created a link to help determine if you are infected. This free service is a quick DNS checker service which will determine in seconds if your computer is carrying this; we are highly recommending that you take five minutes and visit the following link – http://www.dcwg.org/. This link will NOT scan your computer, will NOT install any kind of tracker or software – it’s simply to check the DNS record your computer uses and will tell you if you are infected (red) or not (green). It also WILL NOT remove the infection, should you have it. You will need to run normal antivirus/antimalware scans and removers if you believe you have an infection. The DCWG website has many helpful guides if you believe you have been infected or are a victim of the scam.

Why are we advocating that you check your computer right away? Because the FBI is only running this service through July 9^th, 2012. After that date, any computer that is still infected won’t have the stopgap measure to help them access the internet – and connectivity may be lost. It’s really worth it to take the time to check the DNS record – your computer will NOT be scanned for any additional information and you can rest assured that you’re not spreading or harboring malware.

If you have any questions or concerns about this scanner or what may be lurking on your computer or network – MySherpa® is here to help you – please visit our Contact Us page and drop us a line.

Best,

Greg

More Resource links about the malware and infection:

Time Techland article

Federal Bureau of Investigation new report

DCWG Official Site

In many cases, the key to a competitive advantage is the effective application of Business Intelligence (BI). Through analyzing business data, companies gain the ability to identify weak spots and develop ways to strengthen them. While BI is complex, there are many software vendors that have released Software as a Service (SaaS) apps to help small businesses make sense of their data.

Here is an overview of four Business Intelligence SaaS apps that you could use in your business:

KPI KPI (Key Performance Indicator) is a company that offers a cloud based dashboard that integrates with your CRM or ERP software. It provides a way for businesses to visualize, analyze and report real-time data from your business’s key metrics. All the results can be viewed on your computer or on your mobile device.

GoodData GoodData is an on demand BI provider that offers users a base service that they can add apps to as and when needed. The whole service and dashboards are stored and run in the cloud, and are considerably cheaper than traditional BI services.

Bimotics Bimotics offers an on demand BI service for businesses in almost every major sector. They offer one suite that has data connectors, an established BI engine and analytical tools that should meet most small businesses’ needs. The suite can also be accessed by almost any mobile device.

Tibco Silver Spotfire Silver Spotfire is a cloud based SaaS aimed at individuals and small businesses. It lets users create interactive dashboards and visual analytics without the need of costly infrastructure. This app also integrates with major social media services, allowing users to put live dashboards on their blogs.

These are just four useful apps that you can use in your business. If you’re interested in how you can integrate BI solutions into your business, please contact us.

Everywhere you look business owners are inundated by issues pulling their attention in a multitude of directions. One issue almost every owner has managed to get under control is network security. These businesses are secure from external threats and because of this, believe their systems to be 100% safe, however, they may have missed the possibility of internal threats.

In recent years the majority of security threats and compromises have come from within the company. A common threat to companies is the logic bomb - malware that targets IT systems and deletes data. As a logic bomb is introduced from within the network, the blame often lies with a disgruntled employee with full access to internal systems.

Insider threats Giving employees full access to the network when they don’t need it is a common mistake often made by companies. There’s little need for an employee who does graphic design to have access to weekly sales records. This practice could set your company up for a considerable security problem in the future.

Dawn Cappelli, an insider-threat expert at the Carnegie Mellon Software Engineering Institute stressed, "These types of insider attacks happen to businesses of all sizes, from small companies to very large corporations." This is an important issue businesses should be aware of if they want to remain secure.

Take Precautions Security threats can be a particularly harsh nightmare for small businesses, as many don’t have an IT department or staff with the technical expertise needed to maintain a secure network. If you’re one of these organizations, it’s a good idea to hire an outside consultant to help you with your network security. With consultants, it’s important that you maintain close contact with them to ensure any issues that crop up are dealt with expeditiously.

If you don’t work with an external company there are a few things you should do when you have an employee leave the company. First, their accounts should be deleted immediately and their access privileges should also be revoked. Second, if you have accounts with shared passwords, you should change them to ensure an ex-employee can’t gain access to the system.

If you’d like to learn more about internal security, and measures you can take to ensure you are safe, we are ready to help you. Please contact us.

Respect him or not, Mao Tse-tung had it right when he said, “The only real defense is an active defense.” Businesses have taken this literally and have adopted Business Continuity Plans (BCP) to ensure that when a disaster strikes they are ready with an active plan. Many of them are prepared technology wise, but the other assets may not be so ready.

Here are six key non-IT functions and processes that need to be in place to ensure your company is ready to effectively execute your BCP.

Easy to use plans Many continuity plans have been developed mainly for the IT department, as such, they can be a little complicated to understand and follow if employees don’t have a technical background. You should aim to have a plan that’s easy to follow and can be understood by all employees.

Communicate plans Remember that your plan encompasses all facets of your organization. It’s crucial that every employee knows their role and the relevant actions to take when the plan is executed. To do this, you need to ensure that all employees have access to a copy of the plan and any changes or updates are clearly communicated.

Test plans Beyond communication, it’s important to conduct regular tests, with every quarter being sufficient. The tests should be as real as possible and span all departments within the organization. This will ensure that employees are aware of how they, and the systems, will react under duress. It’ll be beneficial to your business if the first time the employees execute the plan isn’t during an emergency.

Short term and long term plans Your BCP should consist of both long term and short term elements that can be easily adapted to meet changing business environments and the emergence of new threats. You should aim for an even mix of short and long term solutions that cover as wide a variety of situations as possible.

Ensure buy-in from all levels If you’re in the process of instituting a BCP you should ensure that the whole organization is onboard with the plan. If an employee is unsure about the validity of a part of the plan, take the time to find out why and ask for suggestions. An uninformed or uncooperative employee could be the difference between survival and failure in a disaster situation.

Update and Review After every test, staff turnover and technological update, you should review the plans and make changes if necessary. Essentially, if anything in the company changes, review and update the plan. Remember: just because you have an effective plan this month, doesn’t mean it’ll be so in the future.

Continuity plans are only as strong as the weakest link. In an emergency, the last thing you want is an employee following the wrong process or be unsure of what they should be doing. If this happens, you could see an exponential growth in recovery time and costs. We’re ready to tell you more, so please contact us if you would like to talk continuity planning.

At the office we’ve become paranoid about keeping our computers secure. Many companies use security devices and passwords to ensure their data is safe. The same can’t be said for smartphones. Many of us take no, or, at the very most basic, steps to ensure that our phones are safe. With the majority of employees using their device for both work and personal use, the need to keep our devices secure is paramount.

Whether you have an Android, iPhone or Windows Phone 7, here are two tips to keep your smartphone secure:

Lock your screen If you have data or information on your phone you would like to keep secure, the first thing you should do is lock your screen. Most smartphone users lock their phone with a 4 digit number combination, but it’s recommended you use a password for higher security.

• On Android. To establish a password on your device go to Settings and select Security. Press Screen lock. On Ice Cream Sandwich, you have six options for security, with the least secure at the top and most secure at the bottom. Many users select Pattern or Password. Enter the password twice and press Confirm.
• On iPhone. Select the Settings app followed by General. From there select Passcode Lock and turn it on. You’ll be asked to set your passcode and confirm it.
• On Windows Phone. To set a passcode go to the home screen of your device. Open Settings from your Application list and select Lock & Wallpaper. Press Password, enter your password and then press Done.

It’s recommended that you set a password that’s unique. Don’t use your birthday, address or phone number. At the same time, you have to make it easy to remember. If you’re having trouble coming up with a password, this video by Mozilla is a big help.

Enable remote wipe While passwords and other security codes will go a long way in preventing others from accessing your phone, it often isn’t enough. The next step in device security is to set up the ability to remotely wipe your device.

• On Android. At this time there is no native remote wipe option on your phone. You’ll have to download an app from the Play store. The apps work by using a push service - you “push” the commands to your phone from another source i.e., a website. When you install the app, you’ll have to register your phone and access it from a website.
• On iPhone. The iPhone has remote wipe capabilities which can be accessed through iCloud. On your device select Settings, iCloud and turn on Find my iPhone. If you lose your phone log into iCloud and select Find my iPhone. From there you’ll be able to remotely wipe your device.
• On Windows Phone. If you lose your phone you can remotely wipe it by going to the Windows Phone website, logging in and selecting My Phone. From there you’ll be able to wipe your phone.

Even if you don’t have confidential information on your phone, it’s a good idea to, at the very least, set a solid passcode on your phone. Adding the ability to remotely wipe your phone will ensure the information won’t be viewed by other people. If you’d like other ways to keep your mobile phone secure, please contact us.

With a large number of technological devices and access to an incredible amount of data, our collective attention span is shorter than ever. This has posed a serious issue for SMBs. A rising number of companies and app developers are taking popular concepts and elements used in video games and applying them to business situations with the goal of holding our attention.

The term to describe this trend is gamification, but what is it, and how can businesses use it?

What is gamification Gamification is the application of game design techniques and mechanics to non-game applications. Foursquare and its badges is a good example of this - users check in at locations to earn points, unlock badges and compete with their friends. Do they win anything? Nothing physical, but there’s something satisfying with competing with other people to be the best.

While gamification got its start with technological related operations, it has since been integrated by businesses of all sizes. Business that have adopted elements of gamification have seen improved user engagement and ROI.

How can businesses leverage gamification? Gamification is interesting because it can be applied in a variety of different business situations. For example, here are three such uses:

• To increase employee engagement. It can be hard at times to keep your employees engaged while they’re doing mundane tasks. One of the most common uses of gamification is deploying badges to act as a motivator to encourage employees to put effort into their job. When an employee reaches a predetermined level they are recognized for their achievement. This will go a long way in improving engagement.
• To create brand advocates. You can use gamification to turn your customers and fans into brand advocates. Before they start singing your praises, they need to be given a reason to do so. The best way to do this is to create a points/reward system. For actions such as purchases or reviews, customers gain points that can be spent on other services. Think of it as akin to the points system used by credit card companies.
• To generate traffic. Many SMBs are dependent on their websites for revenue but struggle to get traffic to their site. Gamification techniques can be employed to encourage people to spend more time on, and return to, your website, almost like a modern loyalty program.

There are many uses for gamification and we’ll continue to see new and innovative ways to deploy it in organizations. If you’re interested in ways you can implement aspects of gamification in your business, or would like to learn more, we are here happy to sit down with you for a chat. Please contact us.

There’s a big gap between what physicians thought they could do, and what they were eligible to do, to collect meaningful use incentives last year, according to a new study, which appears in the May issue of Health Affairs.

The study shows that 91 percent of physicians nationwide were eligible for federal electronic medical record (EMR) incentives in 2011. However, only 10 percent intended to apply for the program.

That number was on the low side of what the federal government had anticipated. The Center for Medicare & Medicaid Services had estimated that 10 percent to 36 percent of Medicare-eligible professionals and 15 percent to 47 percent of Medicaid-eligible professionals would demonstrate meaningful use in 2011.

According to the authors, among physicians intending to apply for meaningful use, about 21 percent were ready with the 10 core capabilities. Even in the state with the highest degree of readiness - Wisconsin - only 32 percent of physicians were ready with the 10 core capabilities.

The authors say the low level of readiness illustrates the challenges in meeting the federal schedule for financial incentives. Healthcare practices have support options, however. Your IT provider can help you if you need assistance preparing your meaningful use.

Microsoft has seen mixed success with their Windows Phone platform. Many of the smartphones released offer some top notch hardware specs along with an intuitive layout. One of the main features that attracts users is the near seamless integration with Microsoft’s programs. For example, if you use Microsoft Office 365, you can sync with your phone and access your files on the go.

If you would like to connect Office 365 with your Windows phone, follow these steps:

Please be aware that these instructions are for Windows Phone version 7.5. If you are running an earlier version, it is recommended that you upgrade to version 7.5 first.

1. On your Windows Phone press Settings followed by Email and Accounts.
2. Tap Add an Account and select Outlook. This is a catchall for any email service that uses Microsoft Exchange, Office 365 included.
3. Enter your Office 365 email address and password, and your Windows Phone will automatically configure your account.
4. After the configuration is complete, a window will pop up informing you that your Office 365 email and SharePoint Online Team site have been set up on your phone. You’ll also be able to download Microsoft Lync 2010 from the Marketplace if you need it.

When you return to the home screen, you’ll notice that an Office 365 email tile has been placed at the bottom of the screen. It’s a good idea to go into the Email settings on your phone (follow step 1 above) and adjust the settings to your needs. For example, your email account will automatically be named Outlook. To re-name it tap on Outlook and select Account Name.

From the Settings page you’ll also be able to select which Office 365 services you want your phone to sync with e.g., contacts. By default your contacts will show up in your People hub. If you don’t want your contacts to sync, you can deselect it from this page.

If you use Office 365 and a Windows Phone you’ll find that the integration is near seamless. If you would like to learn more about Windows Phone or any other Windows product, we’re here to help.

“Change is good,” an adage Google seems to have adopted and implemented with relish. One of the latest changes made was to the layout of Google+, Google’s social network. The new layout is a dramatic change that’s been met with general applause from the tech community. If your company has a Google+ profile, it should have already been implemented.

When you first log into the updated Google+ the amount of white space will jump out at you. It’s a startling contrast to the other social networks. After you adjust to it, you’ll notice four main aspects of the new look:

1. To the left. On the left is a bar, or ribbon as Google calls it, with icons for the main features. This ribbon is reminiscent of the Windows Task Bar and works much the same way. Simply click on an icon to open the related function. If you have an icon you don’t use, simply click and drag it out of the bar and it will be moved to More.
2. In the center. In the center of the page you’ll see all your updates along with a bar above them with your top two circles. To the right of your updates you’ll see what’s trending on Google+, the Invite friends to Google+ button and a suggestions box.
3. To the right. On the far right is a very prominent chat bar with all your chat contacts. Above that is the Start a hangout button which allows you to quickly begin a hangout session.
4. Up top. At the top of the page you’ll see the search bar, from which you can search Google+ for posts, topics, friends, etc.

Are you in love with the cover photo on your Facebook profile? Do you like having a picture spread across top of your profile? If yes, Google+ now has the option to set a cover photo at the top of your profile. Not a fan of one picture across the top of your profile? You can also pick and choose multiple pictures. Your profile picture and information have been moved to the right side of the picture with your circles below.

New features There are three new useful features:

1. Explore. On the left ribbon is a compass icon. Clicking this will open Explore, a page that displays what’s currently trending on Google+. The content shown on this page is viewable by all users, and this gives businesses a great marketing opportunity if they can capitalize on current trends.
2. Block. On your social network profiles there may be a user who is leaving rude comments or spam messages on your posts. On Google+ you can block the user from posting. Simply go to their profile and select block under their profile picture.
3. New hangout page. If you click on the hangouts icon on the left hand ribbon, you’ll be taken to the hangouts page. On the page you’ll see current hangouts that you can join or you can start a new one based on any post. To start a public hangout click the camera icon at the bottom of the post.

It looks like Google has taken a big gamble with the new layout, and only time will tell if it will attract more users. If you would like know more about Google+ and how your business can capitalize on what it offers, we’re ready to talk.

With each new version of Android, Google has improved the mobile OS to the point where it’s now one of the most popular mobile systems. When the new version of Android was announced, users couldn’t wait to get their hands on it. Now that many Android devices have been upgraded there’s a growing number of users enjoying Ice Cream Sandwich.

Here are some great tips and tricks to help you get the most out of Ice Cream Sandwich:

• Settings. There’s a quick and easy way to access settings. Simply swipe down from the top of your screen and the Notifications menu will open. Press the blue icon (sliders) beside the date to access your settings.
• Uninstall apps. This used to be one of the more complicated actions of Android, but with 4.0, it’s easy. On the home screen press the Apps icon (white circle with 6 squares) and find the app you would like to uninstall. Press and hold the app, drag it up to Uninstall which will be in the top left of the screen and let go.
• Swipe away. A neat feature of 4.0 is that you can swipe away apps and messages in some locations. If you have lots of notifications, open the Notifications menu and swipe the message to the right to dismiss it. You can also do the same with recent programs (double rectangles in the bottom right of your screen) and browser tabs.
• Disable app icons. When you download and install programs from Google Play, a shortcut will be automatically placed on your home screen. You can turn this off by opening Google Play and selecting the icon with three vertical grey squares followed by Settings. Tap Auto-add widgets and app shortcuts won’t be added to your home screen after they’re installed.
• Send text response when you can’t answer. If you’re in a meeting and can’t answer a call, simply drag the call selector button up to be given a number of text responses you can send to the caller.
• Quick browser control. You can streamline the browser controls in the stock Android browser. Open the browser and select the three grey squares in the top right of the screen and tap Settings. Select Labs followed by Quick Controls. You’ll notice that your URL bar and tabs are gone. To see them, press and hold anywhere on the right side of your screen to bring up a selection wheel.

Ice Cream Sandwich is by far the best version of OS and offers users some great features. If you’d like to learn more about Ice Cream Sandwich, or other Android products please let us know. We’re happy to help.